You need a way to let the php script know that the data received is genuine.

client side

Put the all the data to be sent concatenated into a string. Put into the string also the current date and time (client side). You need to send that information too.

Then “salt” the string with some more data, either a static string “xyw#q”wz” for example or better something you derive from the sent data.

Let’s call that string the check-string

Finally calculate the MD5 hash of the check-string and send it along with your data and current date and time.

server side

The php script receive all the data and the MD5 hash.

Do the same operations on the data received (concatenation, salting, etc..) to re-build the check-string, exactly in the same way you did client-side.

Calculate its MD5 and compare the two hashes: the one received and the one just calculated.

If they match then data is genuine and can be added to the database. Otherwise it is not or it have been reposted.

–

summary

client : data -> build string -> make MD5 from string -> send data & MD5

server : data (received) -> build string -> make MD5 from string

(client side MD5 == server side MD5) ? YES data genuine : NO fake or repost

–

how it works

for any set of data there is only one valid MD5 hash. If someone wants to post fake data he need to pass a valid MD5 too. But he doesn’t know how the MD5 is built up.

To make things harder for the hacker I told you to “salt” the string with some random data.

This is just one way (the easier I think) to achieve what you want.

Note that if the client side app would have been written in JavaScript (instead of Java) this approach would have been very vulnerable as the JS code would have exposed the process of building up the check-string.

As a last note: that’s not bulletproof. A smart hacker could still guess how you build up the check-string or decompile the Java and (with some effort) find how the check-string is build up to generate the MD5 for his fake data.