in reply to No apostrophe Insert into MySQL
Use placeholders.
    # Build the INSERT with ? placeholders; DBI passes the values separately
    # from the SQL text, so an apostrophe in $subject cannot break the statement.
    $statement = "INSERT INTO Posts( subject, id, heading, body, date, time, approved )"
               . " VALUES ( ?, ?, ?, ?, CURDATE(), CURTIME(), 1 )";
    $insert = $db->prepare( $statement )
        or die "Couldn't prepare the query: ", $db->errstr;
    # Bind the values at execute time, in placeholder order.
    $rv = $insert->execute( $subject, $ids, $post_title, $checked_feedback )
        or die "Order insert failed: ", $insert->errstr;
Make sure you don’t interpolate any user input literally into your SQL statements the way you’re showing in your code. That’s a barn-door-sized security hole. You want to inform yourself about SQL injection.
As an aside, that code looks like you need a healthy dose of strict, warnings, and particularly, taint mode. The way you’re working doesn’t look very safe… you’re going to end up with a lot of security holes like that. Have a look at Ovid’s excellent CGI course.
Makeshifts last the longest.
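The point of the reply above, shown side by side as an added example (not code from the thread): the same apostrophe-containing input breaks the interpolated INSERT and is stored cleanly through placeholders. It assumes DBD::SQLite with an in-memory table standing in for the poster's MySQL "Posts" table, so the MySQL-only CURDATE()/CURTIME() columns are left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite stand-in for the poster's MySQL table (assumption: DBD::SQLite is installed).
my $db = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 } );
$db->do('CREATE TABLE Posts (subject TEXT, id INTEGER, heading TEXT, body TEXT, approved INTEGER)');

# Constructed "user input" containing the apostrophe that broke the original insert.
my ( $subject, $id, $heading, $body ) = ( "Monk's question", 42, "O'Reilly", "it's fine" );

# Unsafe: the values are interpolated into the SQL text. The apostrophe in
# $subject closes the string literal early, so the statement is malformed and
# whatever follows the quote is parsed as SQL rather than as data.
my $unsafe = "INSERT INTO Posts (subject, id, heading, body, approved) "
           . "VALUES ('$subject', $id, '$heading', '$body', 1)";
eval { $db->do($unsafe) };
print "interpolated version failed as expected: $@" if $@;

# Safe: placeholders. The driver sends the SQL text and the values separately,
# so quotes inside the data stay data.
my $sth = $db->prepare(
    'INSERT INTO Posts (subject, id, heading, body, approved) VALUES (?, ?, ?, ?, 1)'
);
$sth->execute( $subject, $id, $heading, $body );

# Read it back, again with a placeholder for the lookup key.
my ($stored) = $db->selectrow_array( 'SELECT subject FROM Posts WHERE id = ?', undef, $id );
print "stored subject: $stored\n";
```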