PHP实现文章系统
数据库设计
创建数据库表存储文章数据,常用字段包括文章ID、标题、内容、作者、发布时间等。示例SQL语句:
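-- Article storage table.
-- image_path is declared here because the image-upload snippet on this page
-- runs "UPDATE articles SET image_path = ? WHERE id = ?"; without the column
-- that statement fails.
CREATE TABLE articles (
    id INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(255) NOT NULL,
    content TEXT NOT NULL,
    author VARCHAR(100),
    image_path VARCHAR(255) NULL, -- relative path of the uploaded image; NULL when there is none
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
);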
连接数据库
使用PDO或MySQLi扩展连接MySQL数据库:
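// Connection settings.
// NOTE(review): 'root' with an empty password is only acceptable on a
// throwaway local setup. Use a dedicated account restricted to this database
// and load its credentials from configuration kept outside the web root.
$host = 'localhost';
$dbname = 'article_system';
$username = 'root';
$password = '';

try {
    // charset in the DSN makes the client and server agree on the encoding,
    // which the escaping done at output time relies on.
    $pdo = new PDO(
        "mysql:host=$host;dbname=$dbname;charset=utf8mb4",
        $username,
        $password,
        [
            // Raise exceptions instead of returning false on SQL errors.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Send parameters separately from the SQL text (server-side prepares).
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message can contain the host and account name, so it goes to
    // the server log only; the visitor sees a generic message.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Connection failed.');
}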
文章发布功能
创建表单提交文章数据并插入数据库:
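// Handle the "publish article" form submission.
// NOTE(review): nothing in this snippet checks who is submitting or that the
// request came from the site's own form. Add a login/authorization check and a
// per-session CSRF token (compared with hash_equals()) before exposing it.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only string fields; a missing or array-valued field becomes ''
    // instead of reaching the database as NULL or "Array".
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    $content = is_string($_POST['content'] ?? null) ? trim($_POST['content']) : '';
    $author = is_string($_POST['author'] ?? null) ? trim($_POST['author']) : '';

    // title and content are NOT NULL columns; refuse empty submissions here
    // rather than letting the INSERT fail or store blank articles.
    if ($title === '' || $content === '') {
        http_response_code(400);
        exit('Title and content are required.');
    }

    // Values are bound as parameters, never concatenated into the SQL text.
    // They are stored as submitted and must be escaped when rendered.
    $stmt = $pdo->prepare("INSERT INTO articles (title, content, author) VALUES (?, ?, ?)");
    $stmt->execute([$title, $content, $author]);

    // Redirect after POST so a page reload does not resubmit the form.
    header("Location: index.php");
    exit;
}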
文章列表展示
从数据库查询文章并展示:
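// Fetch all articles, newest first.
$stmt = $pdo->query("SELECT * FROM articles ORDER BY created_at DESC");
$articles = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Every value below was supplied by a user at publish time, so each one is
// HTML-escaped before being written into the page. Printing the stored
// title/author/content as-is would let stored markup or script run in every
// visitor's browser (stored XSS).
foreach ($articles as $article) {
    // (string) cast: author is a nullable column.
    $safeTitle = htmlspecialchars((string) $article['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeAuthor = htmlspecialchars((string) $article['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeCreatedAt = htmlspecialchars((string) $article['created_at'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeContent = htmlspecialchars((string) $article['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<h3>{$safeTitle}</h3>";
    echo "<p>作者: {$safeAuthor}</p>";
    echo "<p>发布时间: {$safeCreatedAt}</p>";
    echo "<div>{$safeContent}</div>";
    echo "<hr>";
}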
文章编辑功能
实现文章更新功能:
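// Load the article to edit (?edit=ID) into $article for the edit form.
// When $article's fields are placed into the form they must be HTML-escaped
// like any other output.
if (isset($_GET['edit'])) {
    // Only a positive integer is a valid id; arrays and junk yield false.
    $id = filter_var($_GET['edit'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    $article = false;
    if ($id !== false) {
        $stmt = $pdo->prepare("SELECT * FROM articles WHERE id = ?");
        $stmt->execute([$id]);
        // fetch() returns false when no row matches.
        $article = $stmt->fetch(PDO::FETCH_ASSOC);
    }

    if ($article === false) {
        http_response_code(404);
        exit('Article not found.');
    }
}

// Apply the submitted changes.
// NOTE(review): this snippet does not verify that the requester is allowed to
// edit this article, nor that the POST came from the site's own form. Add an
// authorization check and a CSRF token before exposing it.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update'])) {
    $id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    $content = is_string($_POST['content'] ?? null) ? trim($_POST['content']) : '';
    $author = is_string($_POST['author'] ?? null) ? trim($_POST['author']) : '';

    // Reject a malformed id or empty required fields before touching the table.
    if ($id === false || $title === '' || $content === '') {
        http_response_code(400);
        exit('Invalid article data.');
    }

    $stmt = $pdo->prepare("UPDATE articles SET title=?, content=?, author=? WHERE id=?");
    $stmt->execute([$title, $content, $author, $id]);

    // Redirect after POST so a page reload does not resubmit the form.
    header("Location: index.php");
    exit;
}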
文章删除功能
实现文章删除功能:
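// Delete the article named by ?delete=ID, then return to the list.
// NOTE(review): a destructive action triggered by a plain GET link can be fired
// by link prefetchers, crawlers, or a third-party page that embeds the URL, and
// this snippet performs no login or ownership check. Move deletion to a POST
// form protected by a CSRF token and an authorization check; the GET form is
// kept here only so existing "?delete=" links keep working.
if (isset($_GET['delete'])) {
    // Only a positive integer is a valid id; arrays and junk yield false.
    $id = filter_var($_GET['delete'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    if ($id === false) {
        http_response_code(400);
        exit('Invalid article id.');
    }

    $stmt = $pdo->prepare("DELETE FROM articles WHERE id = ?");
    $stmt->execute([$id]);

    header("Location: index.php");
    exit;
}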
安全防护措施
防止SQL注入和XSS攻击:所有带外部输入的查询都使用预处理语句;凡是输出到HTML页面的字段(包括标题、作者和内容)都要先转义:
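// SQL injection: use a prepared statement. $id travels as a bound parameter
// and is never concatenated into the SQL text.
$stmt = $pdo->prepare("SELECT * FROM articles WHERE id = ?");
$stmt->execute([$id]);

// XSS: escape on output. htmlspecialchars() does not remove tags; it converts
// the special characters (< > & " ') to entities so the browser shows them as
// text. ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of making the
// function return an empty string. This encoding is correct for HTML text and
// quoted attribute values; URLs and inline script need their own encoding.
echo htmlspecialchars($article['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');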
分页功能实现
添加文章列表分页功能:
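// Number of articles per page.
$perPage = 5;

// Count first so the requested page can be clamped to the real range.
$total = (int) $pdo->query("SELECT COUNT(*) FROM articles")->fetchColumn();
// At least one page even when the table is empty; int instead of ceil()'s float.
$totalPages = max(1, (int) ceil($total / $perPage));

// ?page= comes from the client: ignore non-scalar values, and keep the page
// within 1..$totalPages so the offset can never be negative (a SQL error) or
// overflow for an absurdly large number.
$page = isset($_GET['page']) && is_scalar($_GET['page']) ? (int) $_GET['page'] : 1;
$page = max(1, min($page, $totalPages));
$offset = ($page - 1) * $perPage;

// LIMIT values are bound as integers, never interpolated into the SQL text.
$stmt = $pdo->prepare("SELECT * FROM articles ORDER BY created_at DESC LIMIT :offset, :perPage");
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->bindValue(':perPage', $perPage, PDO::PARAM_INT);
$stmt->execute();
$articles = $stmt->fetchAll(PDO::FETCH_ASSOC);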
文件上传功能
实现文章图片上传功能:
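// Store an uploaded article image and record its path on the article row.
// Assumes $articleId was set by the surrounding page — TODO confirm it is
// validated and that the requester may modify that article.
// NOTE(review): configure the web server so that nothing under uploads/ is
// ever executed as a script, whatever its name.
if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
    $targetDir = "uploads/";
    $maxBytes = 2 * 1024 * 1024; // upper bound for a single image

    // Allowed content types and the extension stored for each. The type is
    // decided from the file's bytes: the client-supplied file name, extension
    // and MIME type are all under the uploader's control.
    $allowedTypes = [
        'image/jpeg' => 'jpg',
        'image/png' => 'png',
        'image/gif' => 'gif',
    ];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mimeType = $finfo->file($_FILES['image']['tmp_name']);

    if (
        $_FILES['image']['size'] <= $maxBytes
        && is_string($mimeType)
        && isset($allowedTypes[$mimeType])
    ) {
        // Server-generated name: the original name is not used, so it cannot
        // overwrite an existing file, carry a second extension, or collide
        // with another upload.
        $imageFileType = $allowedTypes[$mimeType];
        $targetFile = $targetDir . bin2hex(random_bytes(16)) . '.' . $imageFileType;

        // Record the path only if the file was actually stored.
        if (move_uploaded_file($_FILES['image']['tmp_name'], $targetFile)) {
            $stmt = $pdo->prepare("UPDATE articles SET image_path = ? WHERE id = ?");
            $stmt->execute([$targetFile, $articleId]);
        }
    }
}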






