diff --git a/endpoint.php b/endpoint.php
index db0d7e5..b91222a 100644
--- a/endpoint.php
+++ b/endpoint.php
@@ -10,7 +10,7 @@ if (isset($_GET["lat"]) && preg_match("/^-?\d+\.\d+$/", $_GET["lat"]) && isset($
         die("Connection failed: " . $conn->connect_error);
     }
 
-    $sql = "INSERT INTO tracker (device, lat, lon) VALUES (" . mysqli_real_escape_string($conn, $_GET['device']) . ", " . mysqli_real_escape_string($conn, $_GET['lat']) . ", " . mysqli_real_escape_string($conn, $_GET['lon']) . ");";
+    $sql = "INSERT INTO tracker (device, lat, lon) VALUES ('" . mysqli_real_escape_string($conn, $_GET['device']) . "', " . mysqli_real_escape_string($conn, $_GET['lat']) . ", " . mysqli_real_escape_string($conn, $_GET['lon']) . ");";
 
     if (!mysqli_query($conn, $sql)) {
         die('Error: ' . mysqli_error($conn));