Error in GET method

I have a table startpoke , I need to enter the name of the pokemon in the name_poke column, in the registration template it looks like this:

<input name='startpoke' type='radio' value='Bulbasaur' class='checkbox' >

And from the server side:

mysql_query('INSERT INTO startpoke SET name_poke='.$_GET['startpoke']);

Tell me what’s wrong?


Answer 1, authority 100%

mysql_query('INSERT INTO startpoke (name_poke) VALUES ("'.$_GET['startpoke'].'")');

Answer 2, authority 67%

Dear, where is the protection? Nobody canceled SQL Injection)

mysql_real_escape_string();


Answer 3, authority 67%

OMG)

if(isset($_GET['startpoke']))
$startpoke = mysql_real_escape_string($_GET['startpoke']);
mysql_query("INSERT INTO startpoke (name_poke) VALUES ('$startpoke')");

Oops, I got beat