Implementing internal messaging (站内信) in PHP
An internal messaging feature usually covers sending, receiving, viewing and deleting messages. The following walks through an implementation in detail:
Database design
Create two tables: users (the user table) and messages (the message table).
Example user table structure:
CREATE TABLE users (
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50) NOT NULL,
    email VARCHAR(100) NOT NULL
);
Example message table structure:
CREATE TABLE messages (
    id INT PRIMARY KEY AUTO_INCREMENT,
    sender_id INT NOT NULL,
    receiver_id INT NOT NULL,
    subject VARCHAR(255) NOT NULL,
    content TEXT NOT NULL,
    is_read BOOLEAN DEFAULT 0,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (sender_id) REFERENCES users(id),
    FOREIGN KEY (receiver_id) REFERENCES users(id)
);
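Every script below does `include 'db_connect.php'` but the page never shows that file. The following is an added example of what it could contain, not code from the original page. It assumes a `$conn` mysqli object (the name the page's snippets use) and reads credentials from environment variables; the fallback values are placeholders. The practical point is the first line: with `MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT`, a failed `prepare()` throws instead of returning `false`, so the handlers cannot silently continue past a broken query.

```php
<?php
// db_connect.php (assumed implementation; the page includes this file but does not show it)

// Throw mysqli_sql_exception on any error instead of returning false, so that a failed
// prepare() can never be followed by bind_param() on a non-object with the request
// still apparently "succeeding" and redirecting to inbox.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Credentials come from the environment; the fallbacks are placeholders, not real values.
$conn = new mysqli(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_USER') ?: 'CHANGE_ME_USER',
    getenv('DB_PASS') ?: 'CHANGE_ME_PASSWORD',
    getenv('DB_NAME') ?: 'messaging'
);

// utf8mb4 so that what is stored and what htmlspecialchars() later escapes agree on encoding;
// a mismatch between connection charset and output charset is a classic way for escaping
// to be bypassed on multibyte input.
$conn->set_charset('utf8mb4');
```

Keeping this file outside the web root (or at least making sure it is never served raw) is part of the same design choice: it is the only place the credentials live.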
Sending a message
A message is sent by submitting a form; the backend processes the data and stores it in the database.
Example send form (HTML):
<form action="send_message.php" method="post">
    <input type="text" name="receiver_id" placeholder="接收者ID">
    <input type="text" name="subject" placeholder="主题">
    <textarea name="content" placeholder="内容"></textarea>
    <button type="submit">发送</button>
</form>
PHP send handler (send_message.php):
<?php
session_start();
include 'db_connect.php';
if (empty($_SESSION['user_id'])) { http_response_code(403); exit('Login required'); }
// The sender is always the logged-in user and is never taken from the form
$sender_id   = (int) $_SESSION['user_id'];
$receiver_id = (int) ($_POST['receiver_id'] ?? 0);
$subject     = trim($_POST['subject'] ?? '');
$content     = trim($_POST['content'] ?? '');
if ($receiver_id <= 0 || $subject === '' || $content === '') {
    exit('receiver, subject and content are required');
}
// Prepared statement: values are bound, never concatenated into the SQL
$sql = "INSERT INTO messages (sender_id, receiver_id, subject, content)
        VALUES (?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("iiss", $sender_id, $receiver_id, $subject, $content);
$stmt->execute();
header("Location: inbox.php");
exit;
?>
Viewing messages
Display the list of messages in the user's inbox.
Example inbox page (inbox.php):
<?php
session_start();
include 'db_connect.php';
if (empty($_SESSION['user_id'])) { http_response_code(403); exit('Login required'); }
$user_id = (int) $_SESSION['user_id'];
// Only messages addressed to the current user are listed
$sql = "SELECT m.id, u.username AS sender, m.subject, m.content, m.is_read, m.created_at
        FROM messages m
        JOIN users u ON m.sender_id = u.id
        WHERE m.receiver_id = ?
        ORDER BY m.created_at DESC";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $user_id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Escape every user-controlled value before it is placed in HTML (subject and username
    // are both chosen by other users)
    $subject = htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8');
    $sender  = htmlspecialchars($row['sender'], ENT_QUOTES, 'UTF-8');
    $bold    = $row['is_read'] ? "" : "font-weight:bold;";
    echo "<div style='" . $bold . "'>
        <a href='view_message.php?id=" . (int) $row['id'] . "'>" . $subject . "</a>
        <span>来自: " . $sender . "</span>
        <span>" . $row['created_at'] . "</span>
    </div>";
}
?>
Viewing a single message
Clicking a message title shows its full content and marks it as read.
Message view page (view_message.php):
<?php
session_start();
include 'db_connect.php';
if (empty($_SESSION['user_id'])) { http_response_code(403); exit('Login required'); }
$message_id = (int) ($_GET['id'] ?? 0);
$user_id    = (int) $_SESSION['user_id'];
// Mark as read (only if the current user is the receiver)
$sql = "UPDATE messages SET is_read = 1 WHERE id = ? AND receiver_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ii", $message_id, $user_id);
$stmt->execute();
// Fetch the message; the receiver_id condition is the authorization check, so a user cannot
// read someone else's message simply by changing the id in the URL
$sql = "SELECT m.*, u.username AS sender
        FROM messages m
        JOIN users u ON m.sender_id = u.id
        WHERE m.id = ? AND m.receiver_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ii", $message_id, $user_id);
$stmt->execute();
$result  = $stmt->get_result();
$message = $result->fetch_assoc();
if (!$message) { http_response_code(404); exit('Message not found'); }
// Escape before output; nl2br is applied after escaping so the inserted <br> tags survive
$e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
echo "<h3>" . $e($message['subject']) . "</h3>";
echo "<p>发件人: " . $e($message['sender']) . "</p>";
echo "<p>时间: " . $e($message['created_at']) . "</p>";
echo "<div>" . nl2br($e($message['content'])) . "</div>";
?>
Deleting a message
Users can delete messages they have sent or received.
Delete handler (delete_message.php):
<?php
session_start();
include 'db_connect.php';
if (empty($_SESSION['user_id'])) { http_response_code(403); exit('Login required'); }
$message_id = (int) ($_GET['id'] ?? 0);
$user_id    = (int) $_SESSION['user_id'];
// The permission check (user is the sender or the receiver) is part of the WHERE clause,
// so an id belonging to someone else's message deletes nothing
$sql = "DELETE FROM messages
        WHERE id = ? AND (sender_id = ? OR receiver_id = ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("iii", $message_id, $user_id, $user_id);
$stmt->execute();
header("Location: inbox.php");
exit;
?>
Security considerations
- Use prepared statements to prevent SQL injection
- Verify authorization (make sure a user can only act on their own messages)
- Escape output to prevent XSS
- Use POST rather than GET for important operations such as deletion
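The last three points can be demonstrated together in a single handler. The following is an added example, not code from the original page: a POST-only delete endpoint with a CSRF token (so a forged link or image tag cannot trigger the deletion from a logged-in browser), the ownership check kept inside the DELETE's WHERE clause, and an `e()` escaping helper for anything rendered back into HTML. The file name `delete_message_post.php`, the session key `csrf_token` and the helper names are assumptions; `$conn` is the mysqli object the page's snippets rely on.

```php
<?php
// delete_message_post.php (hypothetical file name for this added example)
session_start();
include 'db_connect.php';   // assumed to define $conn (mysqli), as in the page's snippets

// One random token per session; compared with hash_equals() so the comparison is timing-safe
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Escape a value for placement in HTML text or a quoted attribute
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}
$user_id = (int) $_SESSION['user_id'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 1. Reject any request that does not carry this session's CSRF token
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $message_id = (int) ($_POST['id'] ?? 0);

    // 2. Authorization lives in the WHERE clause: a foreign or non-existent id deletes nothing
    $stmt = $conn->prepare(
        "DELETE FROM messages WHERE id = ? AND (sender_id = ? OR receiver_id = ?)"
    );
    $stmt->bind_param("iii", $message_id, $user_id, $user_id);
    $stmt->execute();

    // 3. Do not reveal whether the id exists but belongs to someone else; treat both as not found
    if ($stmt->affected_rows === 0) {
        http_response_code(404);
        exit('Message not found');
    }
    header("Location: inbox.php");
    exit;
}

// GET only renders a confirmation form; the deletion itself happens solely on POST.
// The id is cast to int and the token escaped before being echoed into the markup.
$message_id = (int) ($_GET['id'] ?? 0);
?>
<form action="delete_message_post.php" method="post">
    <input type="hidden" name="id" value="<?= $message_id ?>">
    <input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
    <button type="submit">Delete message <?= $message_id ?></button>
</form>
```

The same token and `e()` helper can be reused by the send form in the earlier section, which is also a state-changing POST; the inbox's delete links would then point at this page rather than at `delete_message.php?id=...`.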
The above provides a basic framework for an internal messaging feature; it can be extended as needed with features such as message categories, bulk operations and attachment support.