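Implementing in-site messaging in PHP
Design points for an in-site messaging system
The database design needs a messages table (messages), typically with the fields id, sender_id, receiver_id, content, created_at and is_read. A users table (users) is used to link senders and receivers.
Suggested structure for the messages table: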
CREATE TABLE `messages` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `sender_id` int(11) NOT NULL,
  `receiver_id` int(11) NOT NULL,
  `subject` varchar(255) DEFAULT NULL,
  `content` text NOT NULL,
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `is_read` tinyint(1) DEFAULT '0',
  PRIMARY KEY (`id`),
  KEY `sender_id` (`sender_id`),
  KEY `receiver_id` (`receiver_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Implementing message sending
Create the message form (send_message.php). The form carries no sender_id field, because the handler takes the sender from the session:
<form action="send_message_process.php" method="post">
    <div>
        <label>Receiver ID:</label>
        <input type="text" name="receiver_id" required>
    </div>
    <div>
        <label>Subject:</label>
        <input type="text" name="subject">
    </div>
    <div>
        <label>Content:</label>
        <textarea name="content" required></textarea>
    </div>
    <button type="submit">Send</button>
</form>
Handle the send logic (send_message_process.php):
<?php
session_start();
require 'db_connect.php';

// Only logged-in users may send messages.
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Take the sender from the session, never from the form: a posted
    // sender_id can be forged to send messages as another user.
    $senderId = (int)$_SESSION['user_id'];
    $receiverId = (int)($_POST['receiver_id'] ?? 0);
    // HTML-encode the text fields before they are stored.
    $subject = htmlspecialchars($_POST['subject'] ?? '', ENT_QUOTES, 'UTF-8');
    $content = htmlspecialchars($_POST['content'] ?? '', ENT_QUOTES, 'UTF-8');

    $stmt = $pdo->prepare("INSERT INTO messages (sender_id, receiver_id, subject, content) VALUES (?, ?, ?, ?)");
    $stmt->execute([$senderId, $receiverId, $subject, $content]);
    header("Location: messages.php?status=sent");
    exit;
}
?>
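Receiving and displaying messages
Fetch the user's inbox (inbox.php):

<?php
session_start();
require 'db_connect.php';

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}
$userId = $_SESSION['user_id'];

// Escape every value on output, including the sender's username.
// double_encode is false because subject and content were already
// HTML-encoded when they were stored.
function e($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8', false);
}

$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name
                       FROM messages m
                       JOIN users u ON m.sender_id = u.id
                       WHERE m.receiver_id = ?
                       ORDER BY m.created_at DESC");
$stmt->execute([$userId]);
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<ul>
<?php foreach ($messages as $message): ?>
    <li class="<?php echo $message['is_read'] ? 'read' : 'unread'; ?>">
        <strong><?php echo e($message['sender_name']); ?></strong>
        <span><?php echo e($message['subject']); ?></span>
        <p><?php echo e($message['content']); ?></p>
        <small><?php echo e($message['created_at']); ?></small>
    </li>
<?php endforeach; ?>
</ul>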
Updating message status
Mark a message as read (mark_as_read.php):
<?php
session_start();
require 'db_connect.php';

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

if (isset($_GET['message_id'])) {
    $messageId = (int)$_GET['message_id'];
    $userId = $_SESSION['user_id'];
    // The receiver_id condition ensures the message belongs to the current user.
    $stmt = $pdo->prepare("UPDATE messages SET is_read = 1 WHERE id = ? AND receiver_id = ?");
    $stmt->execute([$messageId, $userId]);
    header("Location: inbox.php");
    exit;
}
?>
Real-time message notification
Use AJAX polling to check for new messages:
setInterval(function() {
    $.ajax({
        url: 'check_new_messages.php',
        type: 'GET',
        success: function(response) {
            if (response.count > 0) {
                $('#message-notification').text(response.count).show();
            } else {
                $('#message-notification').hide();
            }
        }
    });
}, 30000); // check every 30 seconds
Check for new messages on the back end (check_new_messages.php):

<?php
session_start();
require 'db_connect.php';

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}
$userId = $_SESSION['user_id'];

$stmt = $pdo->prepare("SELECT COUNT(*) as count FROM messages WHERE receiver_id = ? AND is_read = 0");
$stmt->execute([$userId]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
header('Content-Type: application/json');
// Cast so the client always receives a JSON number.
echo json_encode(['count' => (int)$result['count']]);
?>
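Security and optimization suggestions
Strictly filter and validate user input to prevent SQL injection and XSS attacks. Use prepared statements for database queries.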
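One way to apply this validation in send_message_process.php, as an added example that is not part of the original page. The helper name validateMessage(), the error strings and the in-memory SQLite database with its sample users are assumptions made for the demonstration; it also assumes the mbstring and pdo_sqlite extensions.

```php
<?php
declare(strict_types=1);

// Added example: validateMessage() is a hypothetical helper, not the page's code.
// Returns [clean values or null, list of errors].
function validateMessage(array $post, array $session, PDO $pdo): array
{
    $errors = [];
    // The sender is always the logged-in user; a posted sender_id is ignored.
    $senderId = (int)($session['user_id'] ?? 0);
    if ($senderId <= 0) {
        $errors[] = 'not logged in';
    }
    // receiver_id must be a positive integer that exists in users.
    $receiverId = filter_var($post['receiver_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($receiverId === false) {
        $errors[] = 'receiver_id must be a positive integer';
    } else {
        $stmt = $pdo->prepare('SELECT 1 FROM users WHERE id = ?');
        $stmt->execute([$receiverId]);
        if ($stmt->fetchColumn() === false) {
            $errors[] = 'receiver does not exist';
        }
    }
    // subject is optional but must fit varchar(255); content is required.
    $subject = $post['subject'] ?? '';
    $content = $post['content'] ?? '';
    if (!is_string($subject) || mb_strlen($subject) > 255) {
        $errors[] = 'subject must be at most 255 characters';
    }
    if (!is_string($content) || trim($content) === '') {
        $errors[] = 'content is required';
    }
    $clean = $errors ? null : compact('senderId', 'receiverId', 'subject', 'content');
    return [$clean, $errors];
}

// Constructed demo: in-memory SQLite stands in for the MySQL users table.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')");
$session = ['user_id' => 1]; // constructed session: alice is logged in

// Constructed request with a spoofed sender_id and a malformed receiver_id.
[, $errors] = validateMessage(['sender_id' => '2', 'receiver_id' => '2abc', 'content' => ' '], $session, $pdo);
print_r($errors);
// Constructed well-formed request: sender comes from the session (1), not the form.
[$clean] = validateMessage(['sender_id' => '2', 'receiver_id' => '2', 'content' => 'Hello'], $session, $pdo);
print_r($clean);
```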
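Add pagination to handle large numbers of messages:
$page = max(1, (int)($_GET['page'] ?? 1)); // never below page 1
$limit = 10;
$offset = ($page - 1) * $limit;
$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name
                       FROM messages m
                       JOIN users u ON m.sender_id = u.id
                       WHERE m.receiver_id = ?
                       ORDER BY m.created_at DESC
                       LIMIT ? OFFSET ?");
// Bind LIMIT and OFFSET as integers: with emulated prepares (the default for
// PDO MySQL), values passed to execute() are quoted as strings, which MySQL
// rejects in a LIMIT clause.
$stmt->bindValue(1, $userId, PDO::PARAM_INT);
$stmt->bindValue(2, $limit, PDO::PARAM_INT);
$stmt->bindValue(3, $offset, PDO::PARAM_INT);
$stmt->execute();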
Consider adding a message deletion feature:
$stmt = $pdo->prepare("DELETE FROM messages WHERE id = ? AND (sender_id = ? OR receiver_id = ?)");
$stmt->execute([$messageId, $userId, $userId]);






