is there any difference between
mysql_query = ("INSERT INTO user SET VALUES(,'".$name."', '".$pass."', '".$seed."')");
and
mysql_query = ("INSERT INTO user SET VALUES('$name', '$pass', '$seed')");
in inserting values in db. I’m referring to the qoutes, seems like I’m confused which is the safest way to write data in db.
Assuming I pass already the variables in mysql_real_string_escape.
Both of the examples you posted above have incorrect syntax as you can’t use an equals sign in between a function and the argument(s), the second issue is the first example has a comma before the $name value which will a MySQL error due to there been no value in the argument. See the below which is the correct PHP MySQL function syntax.
if (!$result = mysql_query("INSERT INTO user VALUES('$name', '$pass', '$seed')")) {
trigger_error('A MySQL Error has occurred:<br />' . mysql_error(), E_USER_WARNING);
}
SET VALUES is wrong in both cases