PHP syntax error with this MySQL query

Question

MySQL claims I have a syntax error in my query, but I cannot seem to fix it completely. Any ideas?

The error states: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '..'','0',''..', '..'','','','','','','')' at line 2"

The line is here:

$savequery = "INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172)
            VALUES ('$name', '$desc', '$url', '$keywords', '$type', '$link', '$dev', '$v162', '$v164', '$v172')";

Also, here's the "run or die" variable for that query:

$save = $dbsave->query($savequery) or die(mysqli_error($dbsave));

UPDATE:

Because it has been requested, here's my variable sanitation:

$name = mysql_real_escape_string($name);
$desc = mysql_real_escape_string($desc);
$url = mysql_real_escape_string($url);
$keywords = mysql_real_escape_string($keywords);
$type = mysql_real_escape_string($type);
$link = mysql_real_escape_string($link);
$dev = mysql_real_escape_string($dev);
$v162 = mysql_real_escape_string($v162);
$v162 = mysql_real_escape_string($v164);
$v162 = mysql_real_escape_string($v172);
$id = mysqli_real_escape_string($id);

Answer 1

You should use $mysqli->real_escape_string($varHere); on every one of those variables. I would use a loop:

$vars = array($name, $desc, $url, $keywords, $type, $link, $dev, $v162, $v164, $v172);
foreach($vars as $v){
  $qA[] = $mysqli->real_escape_string($v); // Object Oriented Style
}
$savequery = "INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172) VALUES ('$qA[0]', '$qA[1]', '$qA[2]', '$qA[3]', '$qA[4]', '$qA[5]', '$qA[6]', '$qA[7]', '$qA[8]', '$qA[9]')";

If you don't like those Array variables then you can use list() .