Up to now you have been placing values and variables within queries inside single quotes:
$query="SELECT surname, firstname FROM people WHERE gender='$gender'";
This is the correct syntax but you may also have seen something which looks very similar being done to the MySQL field names:
$query="SELECT `surname`, `firstname` FROM `people` WHERE `gender`='$gender'";
The character being used is known as the "tick" or apostrophe and is often found top left on your keyboard. The tick prevents problems when you choose field names which are also MySQL reserved words. For example "limit", "order" or even "min".
There is also a slight security benefit although that is only relevant if you accept user-generated field names in queries. You might do this in a Web interface to a database (e.g. PHPMyAdmin). The problem is that nay decent hacker will be able to allow for the ticks by including a closing tick in his SQL so using mysql_real_escape_string is still the only safe way to treat user-generated data.
