PHP Wish Wall: Complete Implementation
Wish Wall Overview
A wish wall is a web application that lets users post, view and manage wishes. The core features are user submission of wishes, a public list of wishes, and a back-office administration module.
Database Design
Create the MySQL table:
CREATE TABLE `wishes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `content` varchar(255) NOT NULL,
  `username` varchar(50) NOT NULL,
  `color` varchar(20) NOT NULL,
  `create_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `ip_address` varchar(45) NOT NULL, -- 45 characters fit an IPv6 address; varchar(20) would truncate it or fail in strict mode
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Front-End Page
Create the HTML form page (index.php). The charset declaration is deliberate: with utf8mb4 data and no declared encoding the browser has to guess, and charset sniffing has historically been an XSS vector. The maxlength attributes mirror the column sizes but are only hints; the server re-checks them.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Wish Wall</title>
<style>
.wish-container { display: flex; flex-wrap: wrap; }
.wish-box {
  width: 200px; padding: 15px; margin: 10px;
  border-radius: 5px; position: relative;
}
</style>
</head>
<body>
<form action="submit_wish.php" method="post">
  <textarea name="content" maxlength="255" required></textarea>
  <input type="text" name="username" maxlength="50" placeholder="Nickname" required>
  <select name="color">
    <option value="yellow">Yellow</option>
    <option value="pink">Pink</option>
    <option value="blue">Blue</option>
  </select>
  <button type="submit">Submit wish</button>
</form>
<div class="wish-container">
<?php include 'display_wishes.php'; ?>
</div>
</body>
</html>
Wish Submission Handler
Create submit_wish.php to process the form. The color value is validated against a whitelist because display_wishes.php interpolates it into a style attribute; mysqli is switched to exception mode so a failed INSERT does not silently redirect as if it had succeeded.
<?php
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: index.php");
    exit();
}
$content = trim($_POST['content'] ?? '');
$username = trim($_POST['username'] ?? '');
$color = $_POST['color'] ?? '';
$ip = $_SERVER['REMOTE_ADDR']; // TCP peer; behind a reverse proxy this is the proxy, and X-Forwarded-For is client-controlled unless the proxy overwrites it
// server-side checks: required/maxlength in the HTML are only hints; 255 and 50 match the column sizes
if ($content === '' || $username === '' || mb_strlen($content) > 255 || mb_strlen($username) > 50) {
    http_response_code(400);
    exit('Invalid input');
}
// color is written into a style="" attribute by display_wishes.php, so accept only the three known values
$color = in_array($color, ['yellow', 'pink', 'blue'], true) ? $color : 'yellow';
// encoded before storage as in the original design; output escaping in display_wishes.php is the layer that actually stops XSS
$content = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
$username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure instead of silently inserting nothing
$conn = new mysqli('localhost', 'username', 'password', 'wish_wall');
$conn->set_charset('utf8mb4');
$stmt = $conn->prepare("INSERT INTO wishes (content, username, color, ip_address) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $content, $username, $color, $ip);
$stmt->execute();
$conn->close();
header("Location: index.php");
exit();
Wish Display
Create display_wishes.php to render the wishes. Everything read back from the database is treated as untrusted at output time: content and username are HTML-encoded (double_encode=false so entities stored by submit_wish.php are not encoded twice), and color is only emitted if it is one of the known values, since it lands inside a style attribute.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'username', 'password', 'wish_wall');
$conn->set_charset('utf8mb4');
$result = $conn->query("SELECT content, username, color FROM wishes ORDER BY create_time DESC LIMIT 50");
$allowed_colors = ['yellow', 'pink', 'blue'];
while ($row = $result->fetch_assoc()) {
    // color is interpolated into a style attribute: never echo it unless it is a known value
    $color = in_array($row['color'], $allowed_colors, true) ? $row['color'] : 'yellow';
    // escape on output; double_encode=false keeps already-stored entities from becoming &amp;lt;
    $content = htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8', false);
    $username = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8', false);
    echo '<div class="wish-box" style="background-color: '.$color.'">';
    echo '<p>'.$content.'</p>';
    echo '<small>By: '.$username.'</small>';
    echo '</div>';
}
$conn->close();
?>
Back-Office Administration
Create the admin.php management page. Two things differ from a naive version: stored values are escaped even here, because a wish that scripts the administrator's browser is the classic stored-XSS route into the back office; and deletion is a POST form carrying a CSRF token rather than a GET link, since a GET link can be triggered by any page the logged-in admin visits.
<?php
session_start();
if (!isset($_SESSION['admin'])) {
    header("Location: login.php");
    exit();
}
// per-session CSRF token; the delete form below sends it and delete_wish.php must verify it
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'username', 'password', 'wish_wall');
$conn->set_charset('utf8mb4');
$result = $conn->query("SELECT id, content, username, ip_address FROM wishes ORDER BY create_time DESC");
echo '<table border="1">';
while ($row = $result->fetch_assoc()) {
    $id = (int)$row['id'];
    echo '<tr>';
    echo '<td>'.$id.'</td>';
    // database content is untrusted in the admin view too
    echo '<td>'.htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8', false).'</td>';
    echo '<td>'.htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8', false).'</td>';
    echo '<td>'.htmlspecialchars($row['ip_address'], ENT_QUOTES, 'UTF-8').'</td>';
    // state change via POST with a token, not via a GET link
    echo '<td><form method="post" action="delete_wish.php">'
       . '<input type="hidden" name="id" value="'.$id.'">'
       . '<input type="hidden" name="csrf_token" value="'.$token.'">'
       . '<button type="submit">Delete</button></form></td>';
    echo '</tr>';
}
echo '</table>';
$conn->close();
?>
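The admin table posts to delete_wish.php, which the page does not show. The handler below is an added example, not code from the original page: it requires the admin session, accepts POST only, verifies the per-session csrf_token that admin.php places in the form using a constant-time comparison, and deletes by a bound integer id. The session keys ($_SESSION['admin'], $_SESSION['csrf_token']) and the placeholder database credentials are the ones used elsewhere on this page.

```php
<?php
// delete_wish.php: added example of a CSRF-protected delete handler (not from the original page)
session_start();
if (!isset($_SESSION['admin'])) {
    http_response_code(403);
    exit('Forbidden');
}
// state changes only via POST; a GET link could be triggered by an <img src> on any page the admin visits
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method Not Allowed');
}
// compare the submitted token with the session token using hash_equals() so the check is constant-time;
// is_string() guards against csrf_token[]=... turning the value into an array
$sent = $_POST['csrf_token'] ?? '';
if (empty($_SESSION['csrf_token']) || !is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
// id must be a positive integer; FILTER_VALIDATE_INT rejects anything else (false on bad input, null if absent)
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid id');
}
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'username', 'password', 'wish_wall'); // placeholder credentials as on the page
$conn->set_charset('utf8mb4');
$stmt = $conn->prepare('DELETE FROM wishes WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$deleted = $stmt->affected_rows; // 0 when the id did not exist; that is not an error
$stmt->close();
$conn->close();
// Post/Redirect/Get with 303 so a browser refresh does not resubmit the delete
header('Location: admin.php?deleted=' . $deleted, true, 303);
exit();
```

As defence in depth, also set session.cookie_httponly=1 and session.cookie_samesite=Lax (or Strict) in php.ini; SameSite cookies reduce CSRF exposure but do not replace the token check, which is the control that works regardless of browser behaviour.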
Security Measures
Guarding against SQL injection and XSS, and throttling submissions:
// Validate input server-side. FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and strips tags instead of encoding them, so do not rely on it
$content = trim(filter_input(INPUT_POST, 'content', FILTER_DEFAULT) ?? '');
$username = trim(filter_input(INPUT_POST, 'username', FILTER_DEFAULT) ?? '');
if ($content === '' || mb_strlen($content) > 255 || $username === '' || mb_strlen($username) > 50) {
    http_response_code(400);
    exit('Invalid input');
}
// SQL injection: prepared statements with bound parameters, so user data never becomes part of the SQL text (excerpt; the full INSERT is in submit_wish.php)
$stmt = $conn->prepare("INSERT INTO wishes (content, username) VALUES (?, ?)");
$stmt->bind_param("ss", $content, $username);
// XSS: encode for the context in which the data is emitted, i.e. at output time; ENT_QUOTES also covers attribute values
echo '<p>' . htmlspecialchars($content, ENT_QUOTES, 'UTF-8') . '</p>';
// Rate limiting: a session-only check is reset by discarding the cookie, so treat it as a convenience rather than a control
session_start();
if (isset($_SESSION['last_submit']) && time() - $_SESSION['last_submit'] < 60) {
    http_response_code(429);
    exit('Please wait 60 seconds before submitting again');
}
$_SESSION['last_submit'] = time();
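The session-based throttle above is defeated by a client that simply drops its cookie. The following hardened submit handler is an added example, not code from the original page; it combines the CSRF check the page calls for with a per-IP throttle that counts rows already stored in the wishes table, so the evidence lives on the server side. Assumptions: the wishes schema from this page; index.php calls session_start() and emits a hidden csrf_token input filled from $_SESSION['csrf_token'] (the page's form does not do that yet); $TRUSTED_PROXIES, WINDOW_SECONDS and MAX_PER_WINDOW are names introduced here for the example.

```php
<?php
// Added example (not from the original page): hardened submit handler with a CSRF check,
// per-IP throttling backed by the wishes table, and validation before the INSERT.
// Assumes index.php emits <input type="hidden" name="csrf_token" value="..."> from
// $_SESSION['csrf_token'] (an assumption; the page's form does not yet).

const WINDOW_SECONDS = 60;   // throttle window (assumed value)
const MAX_PER_WINDOW = 1;    // submissions allowed per IP per window (assumed value)
$TRUSTED_PROXIES = [];       // e.g. ['10.0.0.5'] when a single reverse proxy sits in front (assumption)

// Client address. REMOTE_ADDR is the TCP peer; X-Forwarded-For is honoured only when that peer is a
// trusted proxy that appends the real client as the last element (assumption about the proxy setup).
function client_ip(array $trusted_proxies): string
{
    $ip = $_SERVER['REMOTE_ADDR'];
    if (in_array($ip, $trusted_proxies, true) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $chain = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        $last = end($chain);
        if (filter_var($last, FILTER_VALIDATE_IP)) {
            $ip = $last;
        }
    }
    return $ip;
}

// Rows this IP inserted within the window. Unlike $_SESSION['last_submit'] this survives a
// discarded session cookie, because the evidence is the stored rows themselves.
function recent_submissions(mysqli $conn, string $ip, int $window): int
{
    $stmt = $conn->prepare(
        'SELECT COUNT(*) FROM wishes WHERE ip_address = ? AND create_time > NOW() - INTERVAL ? SECOND'
    );
    $stmt->bind_param('si', $ip, $window);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int)$count;
}

// Constant-time comparison of the submitted token with the per-session one
function csrf_check(): void
{
    $sent = $_POST['csrf_token'] ?? '';
    if (empty($_SESSION['csrf_token']) || !is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php');
    exit();
}
csrf_check();

$content = trim($_POST['content'] ?? '');
$username = trim($_POST['username'] ?? '');
$color = $_POST['color'] ?? '';
if ($content === '' || mb_strlen($content) > 255 || $username === '' || mb_strlen($username) > 50) {
    http_response_code(400);
    exit('Invalid input');
}
if (!in_array($color, ['yellow', 'pink', 'blue'], true)) {
    $color = 'yellow'; // the value ends up in a style attribute, so only known values are stored
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'username', 'password', 'wish_wall'); // placeholder credentials as on the page
$conn->set_charset('utf8mb4');

$ip = client_ip($TRUSTED_PROXIES);
// cheap session check first, then the database check that cannot be reset from the client side
$session_hit = isset($_SESSION['last_submit']) && time() - $_SESSION['last_submit'] < WINDOW_SECONDS;
if ($session_hit || recent_submissions($conn, $ip, WINDOW_SECONDS) >= MAX_PER_WINDOW) {
    http_response_code(429);
    header('Retry-After: ' . WINDOW_SECONDS);
    exit('Please wait ' . WINDOW_SECONDS . ' seconds before submitting again');
}
$_SESSION['last_submit'] = time();

// encoded on input as in the page's design; display_wishes.php still escapes on output
$content = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
$username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
$stmt = $conn->prepare('INSERT INTO wishes (content, username, color, ip_address) VALUES (?, ?, ?, ?)');
$stmt->bind_param('ssss', $content, $username, $color, $ip);
$stmt->execute(); // this row is what the next recent_submissions() call will count
$stmt->close();
$conn->close();
header('Location: index.php', true, 303);
exit();
```

Two caveats a practitioner should keep in mind. The count-then-insert sequence is not atomic, so two requests arriving in the same instant can both pass; that is acceptable for spam throttling but not for anything that must be exact, which would need a counter row updated under SELECT ... FOR UPDATE. And per-IP limits punish users behind a shared NAT address, so the window and threshold should be chosen with that in mind. The query benefits from an index on (ip_address, create_time) once the table grows.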
Deployment Notes
- Configure the database connection parameters; the literal 'username'/'password' above are placeholders, and real credentials belong outside the web root and outside version control
- Set directory permissions; an upload directory only needs to be writable if you add file uploads, since the code above stores nothing on disk
- Configure server rewrite rules if you want clean URLs
- Back up the database regularly
- Implement a CSRF token mechanism for every state-changing request (wish submission as well as deletion)
A full implementation needs styling, features and security settings adjusted to the actual requirements. Adding a CAPTCHA helps against spam submissions, and pagination keeps the display responsive when the number of wishes grows.