Correct:
--> Use addslashes and sprintf to avoid security holes and make the code cleaner
--> Split the query over several lines
--> Define the table fields that will be affected by the INSERT statement
Answers A, B, and D are correct. First of all, you need to ensure that the query is secure; this is done by executing addslashes() (or the equivalent function for your DBMS of choice) to prevent scripting attacks. If your query is long, it’s not a bad idea to split it over several lines to get a better overview of your code. Use sprintf() where possible to make the code cleaner. Finally, it’s always a good idea to define the table fields that will be filled by an INSERT statement to prevent unexpected errors if the table changes.