The first thing is that you need to validate your variables. You never want to insert raw data. This makes you a sitting duck for someone with bad intentions.
Always use mysql_escape_string. (Stripslashes() when you call the data.)
$city=mysql_escape_string($_POST['city']);
if (is_numeric($city)){
$sql=[query goes here];
mysql_query($sql) or die(mysql_error());
[etc..]
}
You also want to verify the existence of the variable. In the above example, is_numeric both verifies there is a variable and validates it. Verifying the variable prevents errors occurring when no variable is passed and helps avoid bugs.
“1” is technically a string and will be rejected on some servers where a number is required, but most will accept it even though its not quite right.