无法将UDID从iPhone发送到PHP到MySQL数据库
I am having difficulties sending the UDID from the iPhone to a PHP script to my MySQL database. I am not having a problem POSTing the data to the PHP script, but for some reason the PHP is not putting it into the database. I have tried entering "12343214312" as my example UDID and thats working, but the actual UDID is not for some reason. Is it some formatting mistake I am making?
Here is my code for the PHP:
<?php
$udidfromiphone = $_POST['udidfromiphone'];
//Connect To Database
$hostname='HOSTNAME.db.7774297.hostedresource.com';
$username='USERNAME';
$password='PASSWORD';
$dbname='DBNAME';
mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
mysql_select_db($dbname);
$query = "INSERT INTO mydatabase VALUES ($udidfromiphone,'7')";
echo "Values added";
mysql_query($query);
mysql_close();
?>
In my MySQL, I have two fields, one for UDID which is a varchar(60) and another field which is an integer.
Thanks!!
我很难将UDID从iPhone发送到PHP脚本到MySQL数据库。 我没有问题将数据发布到PHP脚本,但由于某种原因,PHP没有将它放入数据库。 我尝试输入“12343214312”作为我的示例UDID并且可以工作,但实际的UDID不是出于某种原因。 我正在制作一些格式错误吗? p>
这是我的PHP代码: p>
&lt;?php
$ udidfromiphone = $ _POST ['udidfromiphone'];
//连接到数据库
$ hostname ='HOSTNAME.db.7774297.hostedresource.com';
$ username ='USERNAME';
$ password =' PASSWORD';
$ dbname ='DBNAME';
mysql_connect($ hostname,$ username,$ password)或DIE('无法连接数据库!请稍后再试。');
mysql_select_db($ dbname);
$ query =“INSERT INTO mydatabase VALUES($ udidfromiphone,'7')”;
echo“values added”;
mysql_query($ query);
mysql_close() ;
?&gt;
code> pre>
在我的MySQL中,我有两个字段,一个用于UDID,一个是varchar(60),另一个字段是一个整数。
谢谢!! p>
div>
INSERT INTO mydatabase VALUES ($udidfromiphone,'7')
When trying this with a number, the query becomes like this:
INSERT INTO mydatabase VALUES (12345678,'7')
That's valid SQL. A UDID consists of letters and numbers though, so the query will be like this:
INSERT INTO mydatabase VALUES (ABCDE12345FGHI,'7')
That's not correct SQL. Quote your strings:
INSERT INTO mydatabase VALUES ('$udidfromiphone','7')
Furthermore, this is prone to SQL injection. Escape your values. Google for "SQL injection", there's a ton of material about it out there.