Getting MySQL error 1064 when performing an INSERT query

Question

What I'm doing is grabbing a feed and inserting the data from each of the feed items. Please see below for the code I'm using. Ok. So I run the page with the query, it loads the feed in to simplexml and I insert the first two items in the feed however I get an error when it gets to the third item. See below for the error I'm getting.

I'm using PHP5 & MySQL 5.0.4

PHP code:

$xml = simplexml_load_file($feed['url']);

foreach($xml->channel->item as $item)
{           
    $this->query = $this->db->query("
    INSERT INTO `feed_items`
    (`feed_id`, `guid`, `publish_date`, `update_of`, `link`, `title`, `description`, `comments_link`)
    VALUES
    ('{$feed['id']}', '{$item->guid}', '{$item->pubDate}', NULL, '{$item->link}', '{$item->title}', '{$item->description}', NULL)
    ");
}

Error:

A Database Error Occurred
Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'permitted_uri_chars']? That seems risky though. Is it a static page that you're ' at line 4

INSERT INTO `feed_items` (`feed_id`, `guid`, `publish_date`, `update_of`, `link`, `title`, `description`, `comments_link`) VALUES ('2', 'http://twitter.com/kyct/statuses/4131154118', 'Sun, 20 Sep 2009 20:54:41 +0000', NULL, 'http://twitter.com/kyct/statuses/4131154118', 'kyct: @jtkendall Edit your $config['permitted_uri_chars']? That seems risky though. Is it a static page that you're serving?', 'kyct: @jtkendall Edit your $config['permitted_uri_chars']? That seems risky though. Is it a static page that you're serving?', NULL)

Feed URL:

http://twitter.com/statuses/user_timeline/6431322.rss

Here is a sample of this feed:

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">
  <channel>
    <title>Twitter / kyct</title>
    <link>http://twitter.com/kyct&lt;/link&gt;
    <atom:link type="application/rss+xml" href="http://twitter.com/statuses/user_timeline/6431322.rss" rel="self"/>
    <description>Twitter updates from Kylee Tilley / kyct.</description>
    <language>en-us</language>
    <ttl>40</ttl>
  <item>
    <title>kyct: RT @ruinbox #reddit asploded. Here is the code: http://paste2.org/p/441124&lt;/title&gt;
    <description>kyct: RT @ruinbox #reddit asploded. Here is the code: http://paste2.org/p/441124&lt;/description&gt;
    <pubDate>Mon, 28 Sep 2009 03:01:34 +0000</pubDate>
    <guid>http://twitter.com/kyct/statuses/4433385042&lt;/guid&gt;
    <link>http://twitter.com/kyct/statuses/4433385042&lt;/link&gt;
  </item>
  <item>
    <title>kyct: #reddit.com is hitting hit by some worm/exploit in the comments. Viewing comments will cause you to spread this worm/exploit.</title>
    <description>kyct: #reddit.com is hitting hit by some worm/exploit in the comments. Viewing comments will cause you to spread this worm/exploit.</description>
    <pubDate>Mon, 28 Sep 2009 02:22:51 +0000</pubDate>
    <guid>http://twitter.com/kyct/statuses/4432550280&lt;/guid&gt;
    <link>http://twitter.com/kyct/statuses/4432550280&lt;/link&gt;
  </item>
  <item>
    <title>kyct: @jtkendall Edit your $config['permitted_uri_chars']? That seems risky though. Is it a static page that you're serving?</title>
    <description>kyct: @jtkendall Edit your $config['permitted_uri_chars']? That seems risky though. Is it a static page that you're serving?</description>
    <pubDate>Sun, 20 Sep 2009 20:54:41 +0000</pubDate>
    <guid>http://twitter.com/kyct/statuses/4131154118&lt;/guid&gt;
    <link>http://twitter.com/kyct/statuses/4131154118&lt;/link&gt;
  </item>
  </channel>

</rss>

Answer 1

'kyct: @jtkendall Edit your $config['permitted_uri_chars']? That seems risky though. Is it a static page that you're serving?', 'kyct: @jtkendall Edit your $config['permitted_uri_chars']? That seems risky though. Is it a static page that you're serving?'

You need to escape the single quotes, like so:

"INSERT INTO `feed_items`
(`feed_id`, `guid`, `publish_date`, `update_of`, `link`, `title`, `description`, `comments_link`)
VALUES
('{$feed['id']}', '{$item->guid}', '{$item->pubDate}', NULL, '{$item->link}', '" . mysql_real_escape_string($item->title) . "', '" . 
 mysql_real_escape_string($item->description) . "', NULL)
";

Answer 2

You need to escape the quotes on (at least) the 'description' field before entering it into the db:

foreach($xml->channel->item as $item)
{                                       
    $this->query = $this->db->query("
    INSERT INTO `feed_items`
    (`feed_id`, `guid`, `publish_date`, `update_of`, `link`, `title`, `description`, `comments_link`)
    VALUES
    ('{$feed['id']}', '{$item->guid}', '{$item->pubDate}', NULL, '{$item->link}', '{$item->title}', '" . mysql_real_escape_string($item->description). "', NULL)
    ");
}

Although I'm not sure if mysql_real_escape_string is what's used that much now.