php实现购买
PHP实现购买功能的基本步骤
创建一个PHP购买功能通常涉及以下几个关键环节,以下是一个简化但完整的实现方案:
数据库设计
需要设计相关数据表存储商品、订单和用户信息。常见表结构如下:
products表:存储商品ID、名称、价格、库存等users表:存储用户ID、余额等信息orders表:存储订单ID、用户ID、商品ID、数量、总价、下单时间等
示例SQL创建语句:
CREATE TABLE products (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100) NOT NULL,
price DECIMAL(10,2) NOT NULL,
stock INT NOT NULL
);
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
balance DECIMAL(10,2) DEFAULT 0.00
);
CREATE TABLE orders (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
product_id INT NOT NULL,
quantity INT NOT NULL,
total_price DECIMAL(10,2) NOT NULL,
order_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id),
FOREIGN KEY (product_id) REFERENCES products(id)
);商品展示页面
创建一个显示商品列表的页面,允许用户选择商品并添加到购物车。
<?php
// 连接数据库
$db = new PDO('mysql:host=localhost;dbname=shop', 'username', 'password');
// 查询商品
$query = $db->query("SELECT * FROM products WHERE stock > 0");
$products = $query->fetchAll(PDO::FETCH_ASSOC);
// 显示商品列表
foreach ($products as $product) {
echo "<div>";
echo "<h3>{$product['name']}</h3>";
echo "<p>价格: {$product['price']}元</p>";
echo "<p>库存: {$product['stock']}</p>";
echo "<form method='post' action='add_to_cart.php'>";
echo "<input type='hidden' name='product_id' value='{$product['id']}'>";
echo "<input type='number' name='quantity' min='1' max='{$product['stock']}' value='1'>";
echo "<button type='submit'>加入购物车</button>";
echo "</form>";
echo "</div>";
}
?>购物车功能
实现购物车功能,可以存储在session中。
// add_to_cart.php
session_start();
if (!isset($_SESSION['cart'])) {
$_SESSION['cart'] = [];
}
$product_id = $_POST['product_id'];
$quantity = $_POST['quantity'];
// 检查商品是否已在购物车
if (isset($_SESSION['cart'][$product_id])) {
$_SESSION['cart'][$product_id] += $quantity;
} else {
$_SESSION['cart'][$product_id] = $quantity;
}
header('Location: cart.php');结算页面
显示购物车内容并处理结算逻辑。
// checkout.php
session_start();
// 获取购物车商品详情
$cart = $_SESSION['cart'] ?? [];
$db = new PDO('mysql:host=localhost;dbname=shop', 'username', 'password');
// 开始事务
$db->beginTransaction();
try {
$total = 0;
foreach ($cart as $product_id => $quantity) {
// 检查库存
$stmt = $db->prepare("SELECT price, stock FROM products WHERE id = ? FOR UPDATE");
$stmt->execute([$product_id]);
$product = $stmt->fetch(PDO::FETCH_ASSOC);
if ($quantity > $product['stock']) {
throw new Exception("商品库存不足");
}
// 计算总价
$subtotal = $product['price'] * $quantity;
$total += $subtotal;
// 更新库存
$db->prepare("UPDATE products SET stock = stock - ? WHERE id = ?")
->execute([$quantity, $product_id]);
}
// 检查用户余额
$user_id = $_SESSION['user_id'];
$stmt = $db->prepare("SELECT balance FROM users WHERE id = ? FOR UPDATE");
$stmt->execute([$user_id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user['balance'] < $total) {
throw new Exception("余额不足");
}
// 扣减余额
$db->prepare("UPDATE users SET balance = balance - ? WHERE id = ?")
->execute([$total, $user_id]);
// 创建订单
foreach ($cart as $product_id => $quantity) {
$stmt = $db->prepare("INSERT INTO orders (user_id, product_id, quantity, total_price) VALUES (?, ?, ?, ?)");
$product = $db->query("SELECT price FROM products WHERE id = $product_id")->fetch();
$stmt->execute([$user_id, $product_id, $quantity, $product['price'] * $quantity]);
}
// 清空购物车
unset($_SESSION['cart']);
$db->commit();
echo "购买成功!";
} catch (Exception $e) {
$db->rollBack();
echo "购买失败: " . $e->getMessage();
}安全注意事项
- 使用预处理语句防止SQL注入
- 对用户输入进行验证和过滤
- 实现CSRF防护
- 对敏感操作使用事务
- 重要操作记录日志
扩展功能建议
- 添加支付网关接口(如支付宝、微信支付)
- 实现订单状态跟踪
- 添加商品评价系统
- 开发会员折扣功能
- 实现购物车持久化(数据库存储)
