php实现转账

PHP实现转账功能

实现转账功能需要处理数据库事务、金额校验、并发控制等关键点。以下是一个完整的PHP转账实现方案：

数据库表设计 创建用户账户表和交易记录表：

CREATE TABLE `accounts` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` int(11) NOT NULL,
  `balance` decimal(15,2) NOT NULL DEFAULT '0.00',
  `version` int(11) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`),
  UNIQUE KEY `user_id` (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `transactions` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `from_user` int(11) NOT NULL,
  `to_user` int(11) NOT NULL,
  `amount` decimal(15,2) NOT NULL,
  `created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `status` tinyint(4) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

PHP转账核心代码

function transferMoney($fromUserId, $toUserId, $amount) {
    $db = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    try {
        $db->beginTransaction();

        // 检查金额有效性
        if ($amount <= 0) {
            throw new Exception("转账金额必须大于零");
        }

        // 获取转出账户信息并加锁
        $stmt = $db->prepare("SELECT balance FROM accounts WHERE user_id = ? FOR UPDATE");
        $stmt->execute([$fromUserId]);
        $fromAccount = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$fromAccount) {
            throw new Exception("转出账户不存在");
        }

        // 检查余额是否充足
        if ($fromAccount['balance'] < $amount) {
            throw new Exception("账户余额不足");
        }

        // 获取转入账户信息并加锁
        $stmt = $db->prepare("SELECT balance FROM accounts WHERE user_id = ? FOR UPDATE");
        $stmt->execute([$toUserId]);
        $toAccount = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$toAccount) {
            throw new Exception("转入账户不存在");
        }

        // 执行转账操作
        $stmt = $db->prepare("UPDATE accounts SET balance = balance - ? WHERE user_id = ?");
        $stmt->execute([$amount, $fromUserId]);

        $stmt = $db->prepare("UPDATE accounts SET balance = balance + ? WHERE user_id = ?");
        $stmt->execute([$amount, $toUserId]);

        // 记录交易
        $stmt = $db->prepare("INSERT INTO transactions (from_user, to_user, amount, status) VALUES (?, ?, ?, 1)");
        $stmt->execute([$fromUserId, $toUserId, $amount]);

        $db->commit();
        return true;
    } catch (Exception $e) {
        $db->rollBack();
        error_log("转账失败: " . $e->getMessage());
        return false;
    }
}

并发控制优化 使用乐观锁防止并发问题：

// 在转账函数中添加版本检查
$stmt = $db->prepare("SELECT balance, version FROM accounts WHERE user_id = ?");
$stmt->execute([$fromUserId]);
$fromAccount = $stmt->fetch(PDO::FETCH_ASSOC);

// 更新时检查版本号
$stmt = $db->prepare("UPDATE accounts SET balance = balance - ?, version = version + 1 WHERE user_id = ? AND version = ?");
$affected = $stmt->execute([$amount, $fromUserId, $fromAccount['version']]);

if ($affected === 0) {
    throw new Exception("账户信息已变更，请重试");
}

安全注意事项

• 使用预处理语句防止SQL注入
• 金额使用DECIMAL类型而非FLOAT避免精度问题
• 重要操作记录详细日志
• 考虑添加每日转账限额
• 对外暴露接口需要身份验证和防重放攻击机制

RESTful API实现示例

// transfer.php
header('Content-Type: application/json');

$input = json_decode(file_get_contents('php://input'), true);

$required = ['from_user', 'to_user', 'amount', 'token'];
foreach ($required as $field) {
    if (empty($input[$field])) {
        http_response_code(400);
        echo json_encode(['error' => "缺少必要参数: $field"]);
        exit;
    }
}

// 验证token有效性
if (!verifyToken($input['token'])) {
    http_response_code(401);
    echo json_encode(['error' => '无效的认证令牌']);
    exit;
}

$result = transferMoney($input['from_user'], $input['to_user'], $input['amount']);

if ($result) {
    echo json_encode(['success' => true]);
} else {
    http_response_code(500);
    echo json_encode(['error' => '转账处理失败']);
}

以上实现包含了转账功能的核心要素，可根据实际业务需求进行调整和扩展。对于高并发场景，可能需要引入队列系统或分布式事务解决方案。