PHP私信怎么实现
PHP私信功能实现方法
数据库设计
创建私信相关的数据表结构,通常需要messages表存储消息内容,users表存储用户信息。
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
password VARCHAR(255) NOT NULL
);
CREATE TABLE messages (
id INT AUTO_INCREMENT PRIMARY KEY,
sender_id INT NOT NULL,
receiver_id INT NOT NULL,
content TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_read BOOLEAN DEFAULT FALSE,
FOREIGN KEY (sender_id) REFERENCES users(id),
FOREIGN KEY (receiver_id) REFERENCES users(id)
);发送私信功能
创建发送私信的PHP处理脚本,通常命名为send_message.php
<?php
session_start();
require 'db_connection.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$receiver_id = $_POST['receiver_id'];
$content = trim($_POST['content']);
if (!empty($content) && !empty($receiver_id)) {
$sender_id = $_SESSION['user_id'];
$stmt = $pdo->prepare("INSERT INTO messages (sender_id, receiver_id, content) VALUES (?, ?, ?)");
$stmt->execute([$sender_id, $receiver_id, $content]);
header("Location: messages.php");
exit();
}
}
?>显示私信列表
创建显示私信列表的页面messages.php
<?php
session_start();
require 'db_connection.php';
$user_id = $_SESSION['user_id'];
// 获取收到的消息
$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name FROM messages m
JOIN users u ON m.sender_id = u.id
WHERE m.receiver_id = ? ORDER BY m.created_at DESC");
$stmt->execute([$user_id]);
$received_messages = $stmt->fetchAll();
// 获取发送的消息
$stmt = $pdo->prepare("SELECT m.*, u.username as receiver_name FROM messages m
JOIN users u ON m.receiver_id = u.id
WHERE m.sender_id = ? ORDER BY m.created_at DESC");
$stmt->execute([$user_id]);
$sent_messages = $stmt->fetchAll();
?>
<!-- HTML显示部分 -->
<div class="message-list">
<h3>收到的消息</h3>
<?php foreach ($received_messages as $msg): ?>
<div class="message">
<p>来自: <?= htmlspecialchars($msg['sender_name']) ?></p>
<p><?= htmlspecialchars($msg['content']) ?></p>
<small><?= $msg['created_at'] ?></small>
</div>
<?php endforeach; ?>
</div>消息标记为已读
在查看消息时更新已读状态
// 在查看单条消息时
$message_id = $_GET['id'];
$stmt = $pdo->prepare("UPDATE messages SET is_read = TRUE WHERE id = ? AND receiver_id = ?");
$stmt->execute([$message_id, $user_id]);实时消息通知
使用AJAX轮询或WebSocket实现实时通知
// 前端JavaScript轮询
setInterval(function() {
fetch('check_new_messages.php')
.then(response => response.json())
.then(data => {
if(data.count > 0) {
document.getElementById('notification').textContent = `您有 ${data.count} 条新消息`;
}
});
}, 5000);// check_new_messages.php
session_start();
require 'db_connection.php';
$user_id = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT COUNT(*) as count FROM messages WHERE receiver_id = ? AND is_read = FALSE");
$stmt->execute([$user_id]);
$result = $stmt->fetch();
header('Content-Type: application/json');
echo json_encode(['count' => $result['count']]);安全注意事项
- 对所有用户输入使用
htmlspecialchars()或预处理语句防止XSS和SQL注入 - 验证发送者和接收者身份,确保用户只能查看自己的消息
- 对敏感操作使用CSRF令牌
- 考虑对消息内容进行加密存储
以上实现方法可以根据具体需求进行调整,如增加附件功能、消息撤回、已读回执等高级特性。
