Single entry registration module A small problem of combining SQL statements

Ask everyone a question, a registration class written in a single entry way

$uname =$_post[' uname '];
$pwd =md5 ($_post[' pwd ');
Combined SQL
$sql = "INSERT into user (Username,password) VALUES ($uname, $pwd)";
M ()->exec ($sql);

$sql There is a problem with inserting the data, both $uname and $pwd are getting the value. Which mistake did I write, the double quotation marks are not directly able to parse the variable?
I changed it to this direct insert no problem $sql= "insert into User (Username,password) VALUES (' Xiaozhang ', ' 34345 ')";
$sql I change to $sql = "INSERT into user (Username,password) VALUES (". $uname. ",". $pwd. ")"; Also not, where the error, should be how to write.

Reply to discussion (solution)

My debugging method, first go to the database to write an INSERT statement, after successful execution, according to your written statements to piece together the PHP side of the expression on the line.

$sql = "INSERT into user (Username,password) VALUES (' $uname ', ' $pwd ')";
Strings need to be enclosed in quotation marks, otherwise they will be misunderstood

$sql = "INSERT into user (Username,password) VALUES ('". $uname. "', '". $pwd. "')"; SQL output can be used to see what happens when something goes wrong.

$sql = "INSERT into user (Username,password) VALUES (' $uname ', ' $pwd ')";
Strings need to be enclosed in quotation marks, otherwise they will be misunderstood

$uname is not a variable, why enclose it in single quotation marks. is the single quotation mark in PHP not an unresolved variable?

$sql = "INSERT into user (Username,password) VALUES (' $uname ', ' $pwd ')";
Strings need to be enclosed in quotation marks, otherwise they will be misunderstood

$uname is not a variable, why enclose it in single quotation marks. is the single quotation mark in PHP not an unresolved variable?

If you uname defined as varchar, no home quotes, SQL will error.

$sql = "INSERT into user (Username,password) VALUES (' $uname ', ' $pwd ')";
Strings need to be enclosed in quotation marks, otherwise they will be misunderstood

$uname is not a variable, why enclose it in single quotation marks. is the single quotation mark in PHP not an unresolved variable?

If you uname defined as varchar, no home quotes, SQL will error.

My database defines the type of char (20)

