Key points.
1. UFW allow specific IPs:
ufw allow from 123.456.789.0/24 to any port 3306
2. MySQL add remote users (e.g. only allow INSERT):
GRANT INSERT ON DB_NAME.TABLE_NAME TO 'REMOTE_USER_NAME'@'%' IDENTIFIED BY 'REMOTE_PASSWORD' WITH GRANT OPTION; FLUSH PRIVILEGES;
3. In PHP, use quotes around variable names;
$sql = "INSERT INTO TABLE_NAME (FIELD1, FIELD2) VALUES ('$VAR_1', '$VAR_2')"