Cannot send UDID from iPhone to PHP to MySQL database

Question

I am having difficulties sending the UDID from the iPhone to a PHP script to my MySQL database. I am not having a problem POSTing the data to the PHP script, but for some reason the PHP is not putting it into the database. I have tried entering "12343214312" as my example UDID and thats working, but the actual UDID is not for some reason. Is it some formatting mistake I am making?

Here is my code for the PHP:

<?php

    $udidfromiphone = $_POST['udidfromiphone'];
    //Connect To Database
    $hostname='HOSTNAME.db.7774297.hostedresource.com';
    $username='USERNAME';
    $password='PASSWORD';
    $dbname='DBNAME';

    mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
    mysql_select_db($dbname);

$query = "INSERT INTO mydatabase VALUES ($udidfromiphone,'7')";
    echo "Values added";
    mysql_query($query);


     mysql_close();   
?>

In my MySQL, I have two fields, one for UDID which is a varchar(60) and another field which is an integer.

Thanks!!

Answer 1

INSERT INTO mydatabase VALUES ($udidfromiphone,'7')

When trying this with a number, the query becomes like this:

INSERT INTO mydatabase VALUES (12345678,'7')

That's valid SQL. A UDID consists of letters and numbers though, so the query will be like this:

INSERT INTO mydatabase VALUES (ABCDE12345FGHI,'7')

That's not correct SQL. Quote your strings:

INSERT INTO mydatabase VALUES ('$udidfromiphone','7')

Furthermore, this is prone to SQL injection. Escape your values. Google for "SQL injection", there's a ton of material about it out there.