So I have an issue. I have a server, lets call it (testserver.net). Right now, to change the database, from my application, my app runs "testserver.net\add.php". The problem is anyone can run that and change things in my database. How do I make it that needs some sort of verification before running the code in add.php so no one can just have access to my server? (Like a password or something).

create a token : 1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670 ,save this token safely with in your application.

Whenever you want to call the add.php pass the token like :

testserver.net?token=1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670

add.php

$secret = $_POST['secret']; //use post or get
if($secret != $mySavedSecret){
    die('intruder!!')
}

Place you add.php file in separate folder and password protect it, or you may use Password protect a specific URL solution

You need to perform Authentication followed by Authorization. In PHP there are many frameworks which support this.

pls check this for basic authentication

https://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

or you can use popular frameworks and follow their tutorials to perform this.

check this php micro framework Slim