How to secure a web service so that only my Android application can use it

Updated: 2023-02-16 16:47:53

If you are able, you should implement HTTPS in your app; this could solve many security problems.

Create a self-signed server SSL certificate and deploy it on your web server, using the keytool in the Android SDK for this purpose. Then create a self-signed client certificate and deploy that within your application, in a custom keystore included in your application as a resource (keytool will generate this as well). Configure the server to require client-side SSL authentication and to accept only the client certificate you generated.

O'Reilly: Application Security for the Android Platform

or

If it's only your client and your server, you can (and should) use SSL without purchasing anything. You control the server and the client, so each should trust only one certificate, the one belonging to the other, and you don't need CAs for this purpose.

PHP can receive data via POST or GET from outside your site, and even from outside an internet browser. One of the methods used to do this is curl. You must verify the information received by POST or GET in your PHP; the language has plenty of facilities for solving these "problems". Take a look at this part of the official PHP documentation.

Suppose you're building a login system: you can also place a hidden element in the login page with a secret, unique code that can be used only once, and save this secret code in the session. The login script then looks in the session for this code and compares it with what was posted to the script; the two should be the same to proceed.

And, if you want to get the IP address of your visitors:

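function getRealIpAddr()
{
    // Client-IP and X-Forwarded-For are request headers set by the client or
    // by an intermediate proxy, so their values can be forged and
    // X-Forwarded-For may hold a comma-separated list. Only REMOTE_ADDR is
    // the address of the peer that actually opened the connection.
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   // IP reported for a shared internet connection
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   // IP passed along by a proxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];   // address of the directly connected peer
    }
    return $ip;
}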

You may want to look here: Encrypt data within mobile app and send to web service, and Web services: how prevent illegal accesses
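The one-time hidden login code described above, written out as an added example (it is not code from the original answer). The function names issueLoginToken and consumeLoginToken and the field name login_token are assumptions chosen for this example.

```php
<?php
// Added example: single-use login-form token kept in the PHP session.
// issueLoginToken, consumeLoginToken and login_token are assumed names.

session_start();

// Create a fresh random token, remember it in the session, and return it
// so the login page can embed it in a hidden form field.
function issueLoginToken(): string
{
    $token = bin2hex(random_bytes(32));    // 256 bits from the CSPRNG
    $_SESSION['login_token'] = $token;
    return $token;
}

// Check the posted token against the session copy. The stored token is
// removed before comparing, so each token is accepted at most once.
function consumeLoginToken($posted): bool
{
    $expected = $_SESSION['login_token'] ?? null;
    unset($_SESSION['login_token']);
    if (!is_string($expected) || !is_string($posted)) {
        return false;                       // missing, or array-typed input
    }
    return hash_equals($expected, $posted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consumeLoginToken($_POST['login_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or reused form token');
    }
    // Token accepted: continue with the normal username/password check.
    echo 'Token OK';
    exit;
}

$token = issueLoginToken();
?>
<form method="post">
  <input type="hidden" name="login_token"
         value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <input type="text" name="username">
  <input type="password" name="password">
  <button type="submit">Log in</button>
</form>
```

A token like this ties the POST to a login page served in the same session; it does not by itself identify the client as your app, which is what the client-certificate setup above is for.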