用PHP实现订单功能
创建订单表结构
在MySQL中创建一个订单表,包含基本字段如订单ID、用户ID、商品信息、订单状态等
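-- Orders table.
-- product_ids / quantities hold comma-separated lists; the PHP submit script writes them with
-- implode(',', ...). This denormalised layout is kept for compatibility with that script; a
-- cleaner design moves line items into a separate order_item table (order_id, product_id, quantity).
CREATE TABLE `orders` (
    `order_id` int(11) NOT NULL AUTO_INCREMENT,
    `user_id` int(11) NOT NULL,
    `product_ids` varchar(255) NOT NULL,   -- CSV of product ids, e.g. '12,34'
    `quantities` varchar(255) NOT NULL,    -- CSV of quantities, parallel to product_ids
    `total_amount` decimal(10,2) NOT NULL, -- exact decimal for money, never FLOAT
    -- NOT NULL added: the column has a default and no code path on this page needs a NULL status.
    `status` enum('pending','paid','shipped','delivered','cancelled') NOT NULL DEFAULT 'pending',
    `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
    `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (`order_id`),
    -- The order-history query filters by user_id and sorts by created_at; this index serves both.
    KEY `orders_user_id_created_at_idx` (`user_id`, `created_at`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;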
订单提交处理
创建PHP文件处理订单提交,验证数据并存入数据库

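<?php
// Order submission endpoint: validates the POSTed order, stores it and returns the new
// order_id as JSON.
// Expected input: $_POST['user_id'] (int) and $_POST['products'] (array of items, each
// with 'id', 'quantity' and 'price').
// The CSRF check from the "安全增强措施" section of this page is meant to run before this code.

// Connect to the database. ERRMODE_EXCEPTION: a failed prepare/execute throws instead of
// returning false, so a driver error cannot be silently ignored below.
$db = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Read and validate POST data. filter_var() returns false for missing or non-integer input.
$user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$products = $_POST['products'] ?? null; // expected: an array of product_id + quantity entries
if ($user_id === false || !is_array($products) || empty($products)) {
    die('Invalid input');
}

// Compute the total and collect product ids / quantities as comma-separated strings
// (the orders table stores them as CSV columns).
$total = 0;
$product_ids = [];
$quantities = [];
foreach ($products as $product) {
    $product_id = filter_var($product['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $quantity = filter_var($product['quantity'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $price = filter_var($product['price'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($product_id === false || $quantity === false || $price === false || $price < 0) {
        die('Invalid input');
    }
    // SECURITY: the price is taken from the request, so the client decides its own total.
    // Before production use, look the price up in a server-side product catalog instead.
    $total += $price * $quantity;
    $product_ids[] = $product_id;
    $quantities[] = $quantity;
}
$total = round($total, 2); // total_amount is DECIMAL(10,2)

// Insert the order. Every value is bound through the prepared statement; nothing is
// interpolated into the SQL string.
$stmt = $db->prepare("INSERT INTO orders (user_id, product_ids, quantities, total_amount)
VALUES (?, ?, ?, ?)");
$stmt->execute([
    $user_id,
    implode(',', $product_ids),
    implode(',', $quantities),
    $total,
]);

// Return the new order id.
header('Content-Type: application/json');
echo json_encode(['order_id' => $db->lastInsertId()]);
?>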
订单状态更新
实现订单状态更新功能
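<?php
// Order status update endpoint: sets orders.status for one order and returns {"success": true}.
// Expected input: $_POST['order_id'] (int) and $_POST['status'] (one of the values below).
$db = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Only the values declared in the orders.status ENUM are accepted. Anything else is rejected
// by MySQL in strict mode or silently stored as '' otherwise, so validate it here.
$allowed_statuses = ['pending', 'paid', 'shipped', 'delivered', 'cancelled'];

$order_id = filter_var($_POST['order_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$new_status = $_POST['status'] ?? null;
if ($order_id === false || !is_string($new_status) || !in_array($new_status, $allowed_statuses, true)) {
    die('Invalid input');
}

// SECURITY: nothing here checks who is calling. Any client that reaches this endpoint can
// change any order's status (including to 'paid'). Add an authentication/authorization check,
// and ideally restrict which status transitions are allowed, before exposing this.

// Verify the order exists. fetchColumn() on a SELECT 1 is reliable; PDO's rowCount() on a
// SELECT is driver-dependent.
$stmt = $db->prepare("SELECT 1 FROM orders WHERE order_id = ?");
$stmt->execute([$order_id]);
if ($stmt->fetchColumn() === false) {
    die('Order not found');
}

// Update the status.
$stmt = $db->prepare("UPDATE orders SET status = ? WHERE order_id = ?");
$stmt->execute([$new_status, $order_id]);

header('Content-Type: application/json');
echo json_encode(['success' => true]);
?>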
订单查询
根据用户ID查询订单历史

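<?php
// Order history endpoint: returns all orders of one user as a JSON array, newest first.
// Expected input: $_GET['user_id'] (int).
$db = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$user_id = filter_var($_GET['user_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($user_id === false) {
    die('Invalid user ID');
}

// SECURITY: user_id comes straight from the query string, so any caller can read any user's
// order history. Take the user id from the authenticated session (or check that it matches
// the session user) before exposing this endpoint.

// Explicit column list instead of SELECT *: the response shape stays stable when columns are
// added. order_id is a tie-breaker so the order is deterministic for equal created_at values.
$stmt = $db->prepare(
    "SELECT order_id, user_id, product_ids, quantities, total_amount, status, created_at, updated_at
     FROM orders
     WHERE user_id = ?
     ORDER BY created_at DESC, order_id DESC"
);
$stmt->execute([$user_id]);
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);

header('Content-Type: application/json');
echo json_encode($orders);
?>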
安全增强措施
添加CSRF保护和输入验证
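// Verify the CSRF token before processing an order submission.
// The token must have been generated earlier and stored in $_SESSION['csrf_token'].
session_start();
$session_token = $_SESSION['csrf_token'] ?? '';
$request_token = $_POST['csrf_token'] ?? '';
// hash_equals(): constant-time comparison. The is_string/empty checks also reject a missing
// session token (which would otherwise compare equal to a missing request token) and
// non-string input, which hash_equals() would refuse.
if (!is_string($session_token) || $session_token === ''
    || !is_string($request_token) || !hash_equals($session_token, $request_token)) {
    die('Invalid CSRF token');
}
// Filter input: user_id must be a positive integer. filter_var() returns false for
// missing or malformed input.
$user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($user_id === false) {
    die('Invalid user ID');
}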
支付集成
集成支付网关示例(以Stripe为例)
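// Payment gateway example (Stripe): create a PaymentIntent for the order total and return
// its client_secret so the browser can confirm the payment.
// Assumes $total (order total in major currency units) and $order_id are already set by the
// order submission code earlier on this page.
require_once 'vendor/autoload.php';

// SECURITY: keep the secret key out of source control; read it from the environment.
// STRIPE_SECRET_KEY is a placeholder variable name — use whatever your deployment provides.
$stripe_key = getenv('STRIPE_SECRET_KEY');
if ($stripe_key === false || $stripe_key === '') {
    die('Payment gateway not configured');
}
\Stripe\Stripe::setApiKey($stripe_key);

// Stripe expects the amount as an integer in the smallest currency unit (cents).
// round() before the cast: a plain (int)($total * 100) truncates, e.g. 19.99 * 100 is
// 1998.9999… in floating point and would become 1998.
$amount_in_cents = (int) round($total * 100);
if ($amount_in_cents <= 0) {
    die('Invalid amount');
}

$paymentIntent = \Stripe\PaymentIntent::create([
    'amount' => $amount_in_cents,
    'currency' => 'usd',
    'metadata' => ['order_id' => $order_id],
]);

header('Content-Type: application/json');
echo json_encode(['client_secret' => $paymentIntent->client_secret]);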






