Try this:

$type = 'testing';
mysql_query("INSERT INTO contents (type, reporter, description) VALUES('$type', 'john', 'whatever')");

You need to put '$type' not just $type

If the variables contain user input or other data you can't trust, be sure to escape the data. Like this:

$query = sprintf("INSERT INTO contents (type) VALUES ('%s')", mysql_real_escape_string($type));
$result = mysql_query($query);

As long as it is a string - you have to put it within quotes

$type = 'testing';
mysql_query("INSERT INTO contents (type, reporter, description) VALUES('$type', 'john', 'whatever')");

And, yes, as Dani adviced: you should sanitize every string you put in the query with mysql_real_escape_string()

That's the easy answer:

$query="SELECT * FROM CountryInfo WHERE Name = '".$name."'";

and you define $name whatever you want.
And another way, the complex way, is like that:

$query = " SELECT '" . $GLOBALS['Name'] . "' .* " .
         " FROM CountryInfo " .
         " INNER JOIN District " .
         " ON District.CountryInfoId = CountryInfo.CountryInfoId " .
         " INNER JOIN City " .
         " ON City.DistrictId = District.DistrictId " .
         " INNER JOIN '" . $GLOBALS['Name'] . "' " .
         " ON '" . $GLOBALS['Name'] . "'.CityId = City.CityId " .
         " WHERE CountryInfo.Name = '" . $GLOBALS['CountryName'] .
         "'";

The rules of adding strings into a query are plain and simple:

1. The string should be enclosed in quotes.
2. Therefore, these quotes should be escaped in the data, as well as some other characters, using mysql_real_escape_string()

So, your code becomes

$type     = 'testing';
$type     = mysql_real_escape_string($type);
$reporter = "John O'Hara";
$reporter = mysql_real_escape_string($reporter);

$query    = "INSERT INTO contents (type, reporter, description) 
             VALUES('$type', '$reporter', 'whatever')";
mysql_query($query) or trigger_error(mysql_error()." in ".$query);
// note that when running mysql_query you have to always check for errors

But if you're going to add the variable in another part of a query, the rules change.

• To add a number, you have to cast it to its type explicitly.

For example:

$limit = intval($_GET['limit']); //casting to int type!
$query = "SELECT * FROM table LIMIT $limit";

• To add an identifier, it's better to choose it from some sort of white list, consists of hardcoded values

For example:

if ($_GET['sortorder'] == 'name') {
  $sortorder = 'name';
} else {
  $sortorder = 'id';
}
$query = "SELECT * FROM table ORDER BY $sortorder";

To make it all simplified yet with guaranteed safety, one have to use some sort of placeholder system where the variable goes into a query not directly but via some proxy, called a placeholder.

So, your query call becomes something like this:

$type     = 'testing';
$reporter = "John O'Hara";
pquery("INSERT INTO contents (type, reporter, description) VALUES(?s, ?s, ?s)",
        $type, $reporter,'whatever');

And there will be absolutely no need to worry about all these matters.

For the limited set of placeholders you can use PDO. Though for real life usage you will need extended set which is offered by but a few libraries, one of which is SafeMysql.