rewritten

php does not parse single quoted strings. use double quoted string instead

I don't use double quoted strings actually. When building a var I concatenate them together.

$myvalue = 'apples';
$myvar = "I really love $myvalue";
echo $myvar;
$myvar = 'I really love' . $myvalue;
echo $myvar;

both are the same, I prefer the second.

this wouldn't give the expected results
$myvalue = 'apples';
$myvar = 'I really love $myvalue';
echo $myvar;

you shouldn't use variables from your $_POST array directly in your insert as this opens the door for injection and other nasty things so I always suggest pulling them into vars first

pretend we have firstname and lastname coming from our form

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];

how you test to make sure these vars are what they are supposed to be depends on what you are expecting there are threads in the library [webmasterworld.com] about that and I won't cover it here.

so now we could build our query to be sent to our db

$q = "insert into tablename (firstname,lastname) values('" . $firstname . "','" . $lastname . "')";

I used double quotes around the outside because I needed to use single quotes in my string, I am just too lazy to escape if I don't have to and it makes it easier to read

also
[dev.mysql.com...]