用php实现留言板
创建数据库表
留言板需要存储用户留言信息,创建一个MySQL数据库表:
CREATE TABLE messages (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
email VARCHAR(100),
content TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);数据库连接配置
创建config.php文件存放数据库连接信息:
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_NAME', 'message_board');
?>留言提交处理
创建submit.php处理表单提交:
<?php
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = htmlspecialchars(trim($_POST['username']));
$email = filter_var(trim($_POST['email']), FILTER_SANITIZE_EMAIL);
$content = htmlspecialchars(trim($_POST['content']));
if (!empty($username) && !empty($content)) {
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$stmt = $conn->prepare("INSERT INTO messages (username, email, content) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $username, $email, $content);
$stmt->execute();
$stmt->close();
$conn->close();
header('Location: index.php');
exit;
}
}
?>显示留言列表
创建index.php显示所有留言:
<?php
require 'config.php';
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$result = $conn->query("SELECT * FROM messages ORDER BY created_at DESC");
$messages = $result->fetch_all(MYSQLI_ASSOC);
$conn->close();
?>
<!DOCTYPE html>
<html>
<head>
<title>留言板</title>
</head>
<body>
<h1>留言板</h1>
<form action="submit.php" method="post">
姓名: <input type="text" name="username" required><br>
邮箱: <input type="email" name="email"><br>
留言: <textarea name="content" required></textarea><br>
<button type="submit">提交</button>
</form>
<hr>
<?php foreach ($messages as $message): ?>
<div class="message">
<h3><?= htmlspecialchars($message['username']) ?></h3>
<small><?= $message['created_at'] ?></small>
<p><?= nl2br(htmlspecialchars($message['content'])) ?></p>
</div>
<hr>
<?php endforeach; ?>
</body>
</html>安全增强措施
添加CSRF防护和输入验证:
// 在config.php中添加
session_start();
// 在表单页生成token
$_SESSION['token'] = bin2hex(random_bytes(32));
// 在表单中添加隐藏域
<input type="hidden" name="token" value="<?= $_SESSION['token'] ?>">
// 在submit.php中验证token
if (!isset($_POST['token']) || $_POST['token'] !== $_SESSION['token']) {
die('无效的CSRF令牌');
}分页功能实现
修改index.php添加分页:
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
$perPage = 5;
$offset = ($page - 1) * $perPage;
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$total = $conn->query("SELECT COUNT(*) FROM messages")->fetch_row()[0];
$pages = ceil($total / $perPage);
$result = $conn->query("SELECT * FROM messages ORDER BY created_at DESC LIMIT $offset, $perPage");
$messages = $result->fetch_all(MYSQLI_ASSOC);
$conn->close();
// 在页面底部添加分页导航
<div class="pagination">
<?php for ($i = 1; $i <= $pages; $i++): ?>
<a href="?page=<?= $i ?>" <?= $i === $page ? 'class="active"' : '' ?>><?= $i ?></a>
<?php endfor; ?>
</div>
