php 实现订单
订单系统的基本结构
订单系统通常包含用户信息、商品信息、订单详情、支付状态等核心模块。PHP实现需要结合数据库设计、表单处理和业务逻辑。
数据库设计
创建订单相关的数据表结构是基础:
CREATE TABLE orders (
order_id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
order_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
total_amount DECIMAL(10,2) NOT NULL,
status ENUM('pending', 'paid', 'shipped', 'delivered', 'cancelled') DEFAULT 'pending',
payment_method VARCHAR(50)
);
CREATE TABLE order_items (
item_id INT AUTO_INCREMENT PRIMARY KEY,
order_id INT NOT NULL,
product_id INT NOT NULL,
quantity INT NOT NULL,
unit_price DECIMAL(10,2) NOT NULL,
FOREIGN KEY (order_id) REFERENCES orders(order_id)
);创建订单逻辑
处理前端提交的订单数据并写入数据库:
// 接收表单数据
$user_id = $_POST['user_id'];
$cart_items = json_decode($_POST['cart_items'], true);
$payment_method = $_POST['payment_method'];
// 计算总金额
$total = 0;
foreach ($cart_items as $item) {
$total += $item['price'] * $item['quantity'];
}
// 开启事务
$pdo->beginTransaction();
try {
// 插入订单主表
$stmt = $pdo->prepare("INSERT INTO orders (user_id, total_amount, payment_method) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $total, $payment_method]);
$order_id = $pdo->lastInsertId();
// 插入订单明细
$stmt = $pdo->prepare("INSERT INTO order_items (order_id, product_id, quantity, unit_price) VALUES (?, ?, ?, ?)");
foreach ($cart_items as $item) {
$stmt->execute([$order_id, $item['product_id'], $item['quantity'], $item['price']]);
}
// 提交事务
$pdo->commit();
echo json_encode(['success' => true, 'order_id' => $order_id]);
} catch (Exception $e) {
$pdo->rollBack();
echo json_encode(['error' => $e->getMessage()]);
}订单状态更新
提供管理员接口修改订单状态:
$order_id = $_POST['order_id'];
$new_status = $_POST['status'];
$stmt = $pdo->prepare("UPDATE orders SET status = ? WHERE order_id = ?");
if ($stmt->execute([$new_status, $order_id])) {
echo "Order status updated successfully";
} else {
echo "Error updating order status";
}订单查询功能
实现用户查看历史订单:
$user_id = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT * FROM orders WHERE user_id = ? ORDER BY order_date DESC");
$stmt->execute([$user_id]);
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($orders as &$order) {
$stmt = $pdo->prepare("SELECT * FROM order_items WHERE order_id = ?");
$stmt->execute([$order['order_id']]);
$order['items'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
echo json_encode($orders);支付回调处理
处理第三方支付平台回调验证:
$order_id = $_POST['out_trade_no'];
$payment_amount = $_POST['total_fee'];
// 验证订单是否存在且金额匹配
$stmt = $pdo->prepare("SELECT * FROM orders WHERE order_id = ? AND total_amount = ? AND status = 'pending'");
$stmt->execute([$order_id, $payment_amount]);
if ($stmt->rowCount() > 0) {
// 更新订单状态为已支付
$stmt = $pdo->prepare("UPDATE orders SET status = 'paid' WHERE order_id = ?");
$stmt->execute([$order_id]);
// 返回成功响应给支付平台
echo "SUCCESS";
} else {
echo "FAIL";
}安全注意事项
实现订单系统时需注意以下安全措施:
- 使用预处理语句防止SQL注入
- 对敏感操作进行CSRF防护
- 金额计算在服务端验证
- 支付回调验证签名
- 关键操作记录日志
以上代码示例展示了PHP实现订单系统的核心功能模块,实际开发中需要根据具体业务需求进行扩展和完善。
