I have a table startpoke, and I need to enter the name of the pokemon in the name_poke column. In the registration template it looks like this:

<input name='startpoke' type='radio' value='Bulbasaur' class='checkbox' >

And from the server side:

mysql_query('INSERT INTO startpoke SET name_poke='.$_GET['startpoke']);

Tell me what’s wrong?

Answer 1, authority 100%

mysql_query('INSERT INTO startpoke (name_poke) VALUES ("'.$_GET['startpoke'].'")');

Answer 2, authority 67%

Dear, where is the protection? Nobody canceled SQL Injection)


Answer 3, authority 67%


$startpoke = mysql_real_escape_string($_GET['startpoke']);
mysql_query("INSERT INTO startpoke (name_poke) VALUES ('$startpoke')");

Oops, I got beat
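
The point raised in Answers 2 and 3, as an added example that is not part of any answer above: the same insert written with a bound parameter plus an allowlist check, since a radio button can only legitimately send a fixed set of values. The table and column names come from the question; the allowlist contents, the `saveStarter` helper and the in-memory SQLite database are assumptions made so the snippet runs on its own (it needs the pdo_sqlite extension).

```php
<?php
// Added example. startpoke / name_poke come from the question; the
// allowlist, saveStarter() and the SQLite test database are assumptions.
const STARTERS = ['Bulbasaur', 'Charmander', 'Squirtle']; // assumed radio values

function saveStarter(PDO $db, $input): bool
{
    // A radio group has a fixed set of values, so reject everything else,
    // including arrays sent as ?startpoke[]=...
    if (!is_string($input) || !in_array($input, STARTERS, true)) {
        return false;
    }
    // The value is bound as a parameter and never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO startpoke (name_poke) VALUES (:name)');
    return $stmt->execute([':name' => $input]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE startpoke (name_poke TEXT NOT NULL)');

// Constructed sample inputs standing in for $_GET['startpoke'].
$samples = ['Bulbasaur', "Bulba'saur", ['Bulbasaur'], 'Mewtwo'];
foreach ($samples as $value) {
    $ok = saveStarter($db, $value);
    printf("%-14s %s\n", json_encode($value), $ok ? 'stored' : 'rejected');
}

// Binding on its own (without the allowlist) also keeps a quote character
// as plain data, which string concatenation does not.
$stmt = $db->prepare('INSERT INTO startpoke (name_poke) VALUES (:name)');
$stmt->execute([':name' => "Bulba'saur"]);

// List what actually ended up in the table.
$rows = $db->query('SELECT name_poke FROM startpoke')->fetchAll(PDO::FETCH_COLUMN);
print_r($rows);
```

With MySQL the only change is the DSN passed to `new PDO(...)`; the prepared statement and the allowlist check stay the same.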