I'm developing an application composed of two elements: a simple PHP server interacting with a SQL DB and a client which on certain events will send information to the server to log.
I would like a way to somehow verify (on the server's side) that the incoming query is indeed coming from my client, because there is a possibilty that someone will decompile the client file and see how I connect and send commands to the server, and that would let them inject false data.
I have no idea how to do such a mechanism though simply because anything I implement in the client could (theoretically) be viewed after decompilation process. Or maybe obfuscation is a solution in this case?
If someone is intrepid enough to decompile your client, they will simply write their own client using your mechanism and there's no way you can distinguish the two. No amount of "authentication" will stop that. (Like for example, if someone gets my private SSH key, game over: they are me until those keys are revoked.)
The best you can do is make it hard for them to decompile, detect intrusion, and limit damage. Some ideas, but you really should consider the attack patterns you expect to face:
PS: Expect this question to be closed or at least downvoted. It's not about code, but about design.