php - null column in protection from sql injection -

hi having contact form in website user can optionaly fill of fields , after click on submit button data save in database of worked fine until decide sanitize code sql injection mentioned @ first before trying sanitize sql injection worked showed in below code

<form method="post" action="">          <input type="text" name="name" />name          <select dir="rtl" style="width: 173px;" name="case" >          <option value="" disabled selected hidden>اplease choose</option>          <option  value='rent'>rent</option>          <option  value='sell'>sell</option>            </select >            <input type="checkbox" name="check1" value='a'>apartment<br>          <input type="submit" value="submit" />          </form>  <?php  include("config.php");      if(isset($_post['submit'])){             $date_clicked = date('y-m-d h:i:s');        }      //insert database      	$insert =mysqli_query($connect,"insert $db_table values (to simplify code not write part)");        }      ?>

have fill dropdown lists , checkboxes otherwise gives error "column '' can not null". can not insert date , time database gives same error. here code when protect fron sql injection:

 <form method="post" action="">      <input type="text" name="name" />name      <select dir="rtl" style="width: 173px;" name="case" >      <option value="" disabled selected hidden>اplease choose</option>      <option  value='rent'>rent</option>      <option  value='sell'>sell</option>        </select >        <input type="checkbox" name="check1" value='a'>apartment<br>      <input type="submit" value="submit" />      </form>        <?php       include("config.php");      if(isset($_post['submit'])){             $date_clicked = date('y-m-d h:i:s');        }      if(isset($_post['submit'])){       //insert database      $query = mysqli_prepare($connect, "insert $db_table values (?,?,?,?)");          /* bind parameters markers */          mysqli_stmt_bind_param( $query, "ssss", $_post[name],$_post['check1'],$_post['case'],$_post['date_clicked']);      // execute query      if ( mysqli_stmt_execute($query) ) {        echo "successfully inserted " . mysqli_affected_rows($connect) . " row";      } else {        echo "error occurred: " . mysqli_error($connect);      }        }          ?>

please me

make sure variables exist. necessary because checkbox, example, null if not checked , problem table using. set defaults , insert it.

$name = !empty($_post['name']) ? $_post['name'] : ''; $check1 = !empty($_post['check1']) ? $_post['check1'] : ''; $case = !empty($_post['case']) ? $_post['case'] : ''; $date_clicked = date('y-m-d h:i:s');  // prepare , bind $stmt = $connect->prepare("insert `$db_table` (`name`, `check1`, `case`, `date_clicked`) values (?, ?, ?, ?)"); $stmt->bind_param("ssss", $name, $check1, $case, $date_clicked);  $stmt->execute(); $stmt->close();