2016-08-03 04:19
浏览 52


I have some php files that freely run on my online PHP,MySQL server. As an example if it concern about addUser.php (here is that code)


$name = $_POST['name'];
$email = $_POST['email'];

$sql = "INSERT INTO users (name,email,...) VALUES ('$name','$email',...)";


        echo 'User Added Successfully';
       echo 'Could Not Add User';


I have coded my ANDROID Application to access this type of php file by StringRequest using URL


and pass the parameters using HashMaps

So, I want to know how is this php file runs when android user access it, and what will occur when thousands of android users started accessing this php file and started to insert data into my online server Database concurrently. And if there is a problem occur what is the solution for it?

I just want to know is it a problem occur when many users try the same php file at same time?? I mean we use synchronizing in multi-threading to prevent occuring a problem when many users use the same at sametime. As in that way is there will a problem occur when thousands of users adding data through this php file

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • doulin2029 2016-08-03 04:35

    Lets assume you're going to keep using this script.

    1. You must stop duplicate emails being inserted

    Run a select * from users where email = '$email' before inserting the user. If the results.length == 0, insert the user, if not return an error.

    1. Validate the incoming POST data

    Here you should do some basic validation:

    $name = $_POST['name'];
    $email = $_POST['email'];
    // Do some checks here which will validate the email

    See the following page for a more in depth look into validating:

    Other than that there are some floors

    1. You should make users use a password
      • The password should also be hashed
    2. SQL injection

    One more thing, maybe have a look at other examples. E.g


    Seems like you want to implement a google login (based on your comment).

    Here's how I'd do it:

    1. On the client (app), the user would login to there google acc.
    2. In return we would get there accountId and an OAUTH token
    3. We would then send the token + OAUTH token to our PHP server.
    4. The php server would then use a google php library to validate the OAUTH token that we retrieved from the client.
    5. The library would then return information on that user including there google id and other relevant information that was requested.
    6. Check to see if the user has an account by cross checking the google id returned against our database.
      • Select * from dbTABLENAME where googleId =
    7. IF there was nothing returned in step 6, we would then store the googleId + other information (email) in our own database, IF THERE WAS something returned in step 6, we'd return some sort of token to the client that would be used to validate all other requests

    This link will help ->

    点赞 打赏 评论
  • douqipi9704 2016-08-03 04:35

    Seems you have developed an API for your android application for inserting data. I suggest you to put an authentication layer before inserting data. Such as you can generate token using 'Hashing' or 'Salt' algorithm for your application user. If they request with that token, in your API you have to decide whether you will accept the request or reject.

    点赞 打赏 评论

相关推荐 更多相似问题