After setting up a mysqli object in PHP, I want to insert some POST variables into a table, but I have a question about how the quotes will work out:
$sql = "INSERT INTO whatever (a, b, c)
VALUES ('$_POST[a]','$_POST[b]','$_POST[c]')";
I'm aware, however, that most times I've used global variables like POST or GET, there are quotes around the variable name -- my question is, do I have to do so in the SQL statement above? Should I then escape single or double quotes around those variable names? Not sure if quotes are even necessary...
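
An added example, not part of the original post: it shows how PHP reads array keys inside a double-quoted string for the statement above, and the same INSERT written with mysqli placeholders so the submitted values never touch the SQL text. The function name insert_whatever, the sample input and the connection parameters are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for a submitted form.
$_POST = ['a' => "O'Brien", 'b' => 'x', 'c' => 'y'];

// Inside a double-quoted string there are two valid ways to read $_POST['a']:
$simple  = "VALUES ('$_POST[a]')";      // simple syntax: the key is written WITHOUT quotes
$complex = "VALUES ('{$_POST['a']}')";  // curly syntax: the key is quoted as in normal code
// Writing "$_POST['a']" (quoted key, no braces) inside the string is a parse error.
// Outside a string, $_POST[a] would look up a constant named a, so quote the key there.

var_dump($simple === $complex);  // both forms build the same string

// Either way the value is pasted into the SQL text as-is. The apostrophe in the
// sample value closes the SQL string literal early, so the statement is malformed
// and anything the user types after a quote is parsed as SQL.
echo $simple, "\n";

// With placeholders the SQL text is fixed and the values are sent separately,
// so no quoting or escaping of the POST values is needed at all.
function insert_whatever(mysqli $db, array $in): bool
{
    $stmt = $db->prepare('INSERT INTO whatever (a, b, c) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    // bind_param binds by reference, so copy the values into variables first.
    $a = (string)($in['a'] ?? '');
    $b = (string)($in['b'] ?? '');
    $c = (string)($in['c'] ?? '');
    $stmt->bind_param('sss', $a, $b, $c);  // 'sss' = three string parameters
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (connection parameters are placeholders, assumed for this example):
// $db = new mysqli('localhost', 'user', 'password', 'database');
// insert_whatever($db, $_POST);
```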