MySQL syntax error on escaped string

Question

MySQL is giving a 1064 on an escaped string.

$date is set above.
$article_clean = mysqli_real_escape_string($dbc,$article);
$guid_clean= mysqli_real_escape_string($dbc,$guid_clean);
$pub_date_clean = mysqli_real_escape_string($dbc,$pub_date);
$title_clean = mysqli_real_escape_string($dbc,$title);
$query = "INSERT INTO blog_post (date,article,link,pub_date,title) VALUES ('$date',$article_clean','$guid_clean','$pub_date_clean','$title_clean')";

mysqli_query($dbc, $query);

Why?

Answer 1

$query = "INSERT INTO blog_post (blah blah) VALUES ('$date',$article_clean', ...)";
                                                            ^

You have no opening quote for this argument. You need to add one.

On top of that, this statement looks suspicious:

$guid_clean = mysqli_real_escape_string ($dbc, $guid_clean);

All the others act on the "unclean" version to produce the clean one. Unless you've already set guid_clean somehow, it probably should be:

$guid_clean = mysqli_real_escape_string ($dbc, $guid);

As I say, that's not necessarily the case but I'd check it to make sure.

Answer 2

You have missed a single quote, Rewrite your query line with this one:-

$query = "INSERT INTO blog_post (date,article,link,pub_date,title) VALUES ('$date','$article_clean','$guid_clean','$pub_date_clean','$title_clean')";

Answer 3

Try to get a better PHP IDE to get over these problems easily.