How is it a php programm runs in an online server

Question

I have some php files that freely run on my online PHP,MySQL server. As an example if it concern about addUser.php (here is that code)

<?php
if($_SERVER['REQUEST_METHOD']=='POST'){

$name = $_POST['name'];
$email = $_POST['email'];
...

$sql = "INSERT INTO users (name,email,...) VALUES ('$name','$email',...)";

require_once('DbConnect.php');

if(mysqli_query($con,$sql)){
        echo 'User Added Successfully';
 }else{
       echo 'Could Not Add User';
 }

 mysqli_close($con);
 }

I have coded my ANDROID Application to access this type of php file by StringRequest using URL

http://www.***.com/addUser.php

and pass the parameters using HashMaps

So, I want to know how is this php file runs when android user access it, and what will occur when thousands of android users started accessing this php file and started to insert data into my online server Database concurrently. And if there is a problem occur what is the solution for it?

I just want to know is it a problem occur when many users try the same php file at same time?? I mean we use synchronizing in multi-threading to prevent occuring a problem when many users use the same at sametime. As in that way is there will a problem occur when thousands of users adding data through this php file

Answer 1

Seems you have developed an API for your android application for inserting data. I suggest you to put an authentication layer before inserting data. Such as you can generate token using 'Hashing' or 'Salt' algorithm for your application user. If they request with that token, in your API you have to decide whether you will accept the request or reject.

Answer 2

Lets assume you're going to keep using this script.

1. You must stop duplicate emails being inserted

Run a select * from users where email = '$email' before inserting the user. If the results.length == 0, insert the user, if not return an error.

2. Validate the incoming POST data

Here you should do some basic validation:

$name = $_POST['name'];
$email = $_POST['email'];
// Do some checks here which will validate the email

See the following page for a more in depth look into validating:

http://php.net/manual/en/filter.examples.validation.php

Other than that there are some floors

1. You should make users use a password
   • The password should also be hashed
2. SQL injection
   • See the following question -> How can I prevent SQL injection in PHP?

One more thing, maybe have a look at other examples. E.g

http://www.tutorialspoint.com/php/php_login_example.htm

Edit:

Seems like you want to implement a google login (based on your comment).

Here's how I'd do it:

1. On the client (app), the user would login to there google acc.
2. In return we would get there accountId and an OAUTH token
3. We would then send the token + OAUTH token to our PHP server.
4. The php server would then use a google php library to validate the OAUTH token that we retrieved from the client.
5. The library would then return information on that user including there google id and other relevant information that was requested.
6. Check to see if the user has an account by cross checking the google id returned against our database.
   • Select * from dbTABLENAME where googleId =
7. IF there was nothing returned in step 6, we would then store the googleId + other information (email) in our own database, IF THERE WAS something returned in step 6, we'd return some sort of token to the client that would be used to validate all other requests

This link will help ->

http://phppot.com/php/php-google-oauth-login/