How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:

$unsafe_variable = $_POST["user_input"]; 

mysql_query("INSERT INTO `table` (`column`) VALUES ("$unsafe_variable")");

That"s because the user can input something like value"); DROP TABLE table;--, and the query becomes:

INSERT INTO `table` (`column`) VALUES("value"); DROP TABLE table;--")

What can be done to prevent this from happening?