无法将UDID从iPhone发送到PHP到MySQL数据库

问题描述：

I am having difficulties sending the UDID from the iPhone to a PHP script to my MySQL database. I am not having a problem POSTing the data to the PHP script, but for some reason the PHP is not putting it into the database. I have tried entering "12343214312" as my example UDID and thats working, but the actual UDID is not for some reason. Is it some formatting mistake I am making?

Here is my code for the PHP:

<?php

    $udidfromiphone = $_POST['udidfromiphone'];
    //Connect To Database
    $hostname='HOSTNAME.db.7774297.hostedresource.com';
    $username='USERNAME';
    $password='PASSWORD';
    $dbname='DBNAME';

    mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
    mysql_select_db($dbname);

$query = "INSERT INTO mydatabase VALUES ($udidfromiphone,'7')";
    echo "Values added";
    mysql_query($query);


     mysql_close();   
?>

In my MySQL, I have two fields, one for UDID which is a varchar(60) and another field which is an integer.

Thanks!!

我很难将UDID从iPhone发送到PHP脚本到MySQL数据库。我没有问题将数据发布到PHP脚本，但由于某种原因，PHP没有将它放入数据库。我尝试输入“12343214312”作为我的示例UDID并且可以工作，但实际的UDID不是出于某种原因。我正在制作一些格式错误吗？ p>

这是我的PHP代码： p>

 ＆lt;？php 
 
  $ udidfromiphone = $ _POST ['udidfromiphone']; 
 //连接到数据库
 $ hostname ='HOSTNAME.db.7774297.hostedresource.com'; 
 $ username ='USERNAME'; 
 $ password ='  PASSWORD'; 
 $ dbname ='DBNAME'; 
 
 mysql_connect（$ hostname，$ username，$ password）或DIE（'无法连接数据库！请稍后再试。'）; 
 mysql_select_db（$  dbname）; 
 
 $ query =“INSERT INTO mydatabase VALUES（$ udidfromiphone，'7'）”; 
 echo“values added”; 
 mysql_query（$ query）; 
 
 
 mysql_close（）  ;  
？＆gt; 
  code>  pre> 
 
 在我的MySQL中，我有两个字段，一个用于UDID，一个是varchar（60），另一个字段是一个整数。 
 
 
谢谢!!  p> 
  div>

答

INSERT INTO mydatabase VALUES ($udidfromiphone,'7')

When trying this with a number, the query becomes like this:

INSERT INTO mydatabase VALUES (12345678,'7')

That's valid SQL. A UDID consists of letters and numbers though, so the query will be like this:

INSERT INTO mydatabase VALUES (ABCDE12345FGHI,'7')

That's not correct SQL. Quote your strings:

INSERT INTO mydatabase VALUES ('$udidfromiphone','7')

Furthermore, this is prone to SQL injection. Escape your values. Google for "SQL injection", there's a ton of material about it out there.

无法将UDID从iPhone发送到PHP到MySQL数据库

相关推荐