There is no difference in security between the two. The former is potentially faster, though the difference is negligible, hence I tend to prefer the latter as I find it more readable.
For security, look into prepared statements say with the PDO extension. If that is not available to you, use the appropriate escaping mechanism for your database API.
