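Implementing In-Site Messaging in PHP
Overview of in-site messaging
In-site messaging is a system for communication between users within a website. It usually covers sending, receiving, viewing, and deleting messages. A PHP implementation stores the message data in a database and interacts with users through a front-end interface.
Database design
Create a messages table to store the in-site message data. The basic fields are: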
CREATE TABLE `messages` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`sender_id` int(11) NOT NULL,
`receiver_id` int(11) NOT NULL,
`subject` varchar(255) NOT NULL,
`content` text NOT NULL,
`is_read` tinyint(1) DEFAULT 0,
`created_at` timestamp DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `receiver_id` (`receiver_id`)
);
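Implementing the send function
Build the form-submission handler, which validates the input and then inserts the message into the database:
// Handle message sending.
// Assumes the session is already started and $pdo is a connected PDO instance.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $senderId = $_SESSION['user_id'];
    $receiverId = intval($_POST['receiver_id'] ?? 0);
    // Store the text as submitted. The inbox template escapes it with
    // htmlspecialchars() on output, so escaping here too would double-encode it.
    $subject = trim($_POST['subject'] ?? '');
    $content = trim($_POST['content'] ?? '');
    // Reject empty or malformed submissions before touching the database.
    if ($receiverId <= 0 || $subject === '' || $content === '') {
        http_response_code(400);
        exit('Invalid input');
    }
    $stmt = $pdo->prepare("INSERT INTO messages (sender_id, receiver_id, subject, content) VALUES (?, ?, ?, ?)");
    $stmt->execute([$senderId, $receiverId, $subject, $content]);
    header("Location: messages.php?sent=1");
    exit;
}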
Implementing the inbox
Query the messages received by the current user and display them:
$userId = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name
FROM messages m
JOIN users u ON m.sender_id = u.id
WHERE m.receiver_id = ?
ORDER BY m.created_at DESC");
$stmt->execute([$userId]);
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
Updating message status
Mark a message as read:
if (isset($_GET['id'])) {
$messageId = intval($_GET['id']);
$stmt = $pdo->prepare("UPDATE messages SET is_read = 1 WHERE id = ? AND receiver_id = ?");
$stmt->execute([$messageId, $_SESSION['user_id']]);
}
Front-end example
Build a basic HTML template to display the message list:
<div class="message-list">
<?php foreach ($messages as $msg): ?>
<div class="message <?= $msg['is_read'] ? 'read' : 'unread' ?>">
<h4><?= htmlspecialchars($msg['subject']) ?></h4>
<p>发件人: <?= htmlspecialchars($msg['sender_name']) ?></p>
<p><?= nl2br(htmlspecialchars($msg['content'])) ?></p>
<small><?= $msg['created_at'] ?></small>
</div>
<?php endforeach; ?>
</div>
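Security hardening measures
- Filter all user input with htmlspecialchars()
- Use prepared statements to prevent SQL injection
- Verify that the message receiver is a valid user
- Implement CSRF protection tokens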
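The send handler shown earlier does not yet perform the last two checks in this list. One way to add them, as an added example that is not part of the original page: the helper names csrf_token(), csrf_valid() and receiver_is_valid() and the csrf_token form field are hypothetical, and the code assumes a started session, a connected $pdo, and the users table with an id column that the inbox query joins on.

```php
<?php
// Added example; helper names and the csrf_token form field are assumptions.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Compare the submitted token with the session token in constant time. */
function csrf_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

/** True only if $receiverId is the id of an existing row in users. */
function receiver_is_valid(PDO $pdo, int $receiverId): bool
{
    if ($receiverId <= 0) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE id = ?');
    $stmt->execute([$receiverId]);
    return $stmt->fetchColumn() !== false;
}

// Checks to run in the send handler before the INSERT.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($pdo, $_SESSION['user_id'])) {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // FILTER_VALIDATE_INT yields false for arrays and non-numeric text; (int) false is 0.
    $receiverId = (int) filter_var($_POST['receiver_id'] ?? null, FILTER_VALIDATE_INT);
    if (!receiver_is_valid($pdo, $receiverId)) {
        http_response_code(422);
        exit('Unknown receiver');
    }
    // Both checks passed: continue with the prepared INSERT.
}
// The form must carry the token in a hidden input named csrf_token,
// with htmlspecialchars(csrf_token()) as its value.
```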
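Performance optimization suggestions
- Split the messages table into multiple tables, sharded by a hash of the user ID
- Add indexes on frequently queried fields
- Implement message pagination to avoid loading too much data at once
- Automatically archive messages that remain unread for a long time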







