用php实现留言板
数据库设计
创建名为messages的数据库表,包含以下字段:
- id:主键,自增
- name:留言者姓名,VARCHAR(50)
- email:留言者邮箱,VARCHAR(100)
- content:留言内容,TEXT
- created_at:留言时间,TIMESTAMP
SQL创建语句示例:
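-- Guestbook messages. created_at is filled in by the server on INSERT, so the
-- application never supplies it. The character set is pinned to utf8mb4 so
-- Chinese text (and emoji) round-trips intact regardless of the server default,
-- and so it matches the connection charset the PHP side should set.
CREATE TABLE messages (
    id         INT AUTO_INCREMENT PRIMARY KEY,
    name       VARCHAR(50)  NOT NULL,               -- poster's name (50 characters, not bytes)
    email      VARCHAR(100) NOT NULL,               -- poster's e-mail address
    content    TEXT         NOT NULL,               -- message body, stored unescaped
    created_at TIMESTAMP    DEFAULT CURRENT_TIMESTAMP
) CHARACTER SET utf8mb4;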
数据库连接
创建config.php文件存放数据库连接信息:

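<?php
declare(strict_types=1);

// Database connection settings. The values below are placeholders; the real
// file should live outside the web root (or be denied direct HTTP access).
define('DB_HOST', 'localhost');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_NAME', 'messages');

// Make mysqli throw mysqli_sql_exception on connect/query failure instead of
// returning false, so a failed call cannot be silently ignored downstream.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    // utf8mb4 so Chinese text is stored intact and so the escaping functions
    // and the connection agree on the encoding.
    $conn->set_charset('utf8mb4');
} catch (mysqli_sql_exception $e) {
    // Keep the driver message server-side: echoing it reveals host, user name
    // and driver details to the visitor.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die('Database connection failed');
}

// The session carries the CSRF token (see the security section). The guard
// avoids a notice when the including script has already started a session.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// No closing "?>": trailing whitespace after it would be sent as output and
// break the header() redirects in submit.php.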
提交留言功能
创建submit.php处理表单提交:
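<?php
declare(strict_types=1);

require 'config.php';

// Only POST is handled; any other method is sent back to the board.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php');
    exit;
}

// The CSRF token check from the security section belongs here, before any
// of the submitted fields is used.

// Read the raw fields. Do NOT htmlspecialchars() on input: index.php escapes
// at output time, and escaping twice stores "&amp;" in the table. The ??
// avoids an "undefined index" warning when a field is missing entirely.
$name    = trim((string) ($_POST['name'] ?? ''));
$email   = trim((string) ($_POST['email'] ?? ''));
$content = trim((string) ($_POST['content'] ?? ''));

// Enforce the column sizes (VARCHAR(50) / VARCHAR(100)) so MySQL neither
// truncates nor rejects the row; mb_strlen counts characters, not bytes.
if ($name === '' || mb_strlen($name) > 50) {
    http_response_code(400);
    die('Name is required and must be at most 50 characters');
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || mb_strlen($email) > 100) {
    http_response_code(400);
    die('Invalid email format');
}
if ($content === '') {
    http_response_code(400);
    die('Message content is required');
}

// Prepared statement: the submitted values never become part of the SQL text.
$stmt = $conn->prepare('INSERT INTO messages (name, email, content) VALUES (?, ?, ?)');
$stmt->bind_param('sss', $name, $email, $content);

if ($stmt->execute()) {
    // Redirect and stop: without exit the script keeps running after the
    // Location header has been sent.
    header('Location: index.php');
    exit;
}

// Keep the driver error server-side; the visitor only sees a generic message.
error_log('Message insert failed: ' . $stmt->error);
http_response_code(500);
echo 'Error: could not save your message';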
显示留言功能
在index.php中显示所有留言:

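<?php
declare(strict_types=1);

require 'config.php';

// The security section starts the session in config.php; the guard keeps this
// page working either way without a "session already started" notice.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// Create the CSRF token once per session (??=). Regenerating it on every page
// load would invalidate the form still open in another tab.
$_SESSION['token'] ??= bin2hex(random_bytes(32));

$result = $conn->query('SELECT * FROM messages ORDER BY created_at DESC');

// HTML escaping for body and attribute context. The flags are spelled out so
// the result is the same on PHP versions before 8.1 changed the defaults.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<!DOCTYPE html>
<html lang="zh">
<head>
<!-- Declare the encoding explicitly; otherwise browsers may guess and garble the Chinese text. -->
<meta charset="utf-8">
<title>留言板</title>
</head>
<body>
<h1>留言板</h1>
<form action="submit.php" method="post">
<!-- CSRF token; submit.php compares it with the session copy (see the security section). -->
<input type="hidden" name="token" value="<?= e($_SESSION['token']) ?>">
<!-- maxlength mirrors the column sizes; the server still validates. -->
<input type="text" name="name" placeholder="姓名" maxlength="50" required>
<input type="email" name="email" placeholder="邮箱" maxlength="100" required>
<textarea name="content" placeholder="留言内容" required></textarea>
<button type="submit">提交</button>
</form>
<div class="messages">
<?php while ($row = $result->fetch_assoc()): ?>
<div class="message">
<h3><?= e($row['name']) ?></h3>
<!-- Every database value is escaped, including created_at. -->
<small><?= e($row['email']) ?> - <?= e($row['created_at']) ?></small>
<!-- nl2br after escaping keeps the poster's line breaks without allowing markup. -->
<p><?= nl2br(e($row['content'])) ?></p>
</div>
<?php endwhile; ?>
</div>
</body>
</html>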
安全增强
添加CSRF防护和XSS防护:
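// In config.php, before any output is sent (the guard avoids a notice if a
// session is already active):
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// On the form page: create the token once per session. A plain assignment on
// every page load would invalidate the form open in any other tab.
$_SESSION['token'] ??= bin2hex(random_bytes(32));
// Hidden field in the form. The token is hex, but escape it anyway so the
// attribute context stays safe if the generator ever changes.
<input type="hidden" name="token" value="<?= htmlspecialchars($_SESSION['token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
// In submit.php, before any submitted field is used. hash_equals() compares
// in constant time; the isset() on the session side means a request can never
// "match" a session that has no token yet; the is_string() check rejects a
// token[] array, which !== would otherwise accept into hash_equals().
if (!isset($_SESSION['token'], $_POST['token'])
    || !is_string($_POST['token'])
    || !hash_equals($_SESSION['token'], $_POST['token'])) {
    http_response_code(403);
    die('Invalid CSRF token');
}
// XSS side: input is stored unescaped, and every database value printed into
// HTML goes through htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
// at output time, so it is escaped exactly once, in the right context.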
分页功能
实现留言分页显示:
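$perPage = 5;

// Total row and page count first, so the requested page can be clamped.
// COUNT(*) comes back as a string and ceil() returns a float, hence the casts.
$total = (int) $conn->query('SELECT COUNT(*) FROM messages')->fetch_row()[0];
$totalPages = (int) ceil($total / $perPage);

// Current page, clamped to [1, last page]. Without the lower bound, ?page=0 or
// ?page=-3 yields a negative OFFSET (a SQL error); without the upper bound,
// ?page=999 shows an empty board.
$page = min(max(1, $totalPages), max(1, (int) ($_GET['page'] ?? 1)));
$offset = ($page - 1) * $perPage;

// Page of rows. Both values are already integers, but binding them keeps the
// SQL text free of interpolated values.
$stmt = $conn->prepare('SELECT * FROM messages ORDER BY created_at DESC LIMIT ?, ?');
$stmt->bind_param('ii', $offset, $perPage);
$stmt->execute();
$result = $stmt->get_result();

// Pagination links; $i is an int, so interpolating it into the href is safe.
for ($i = 1; $i <= $totalPages; $i++) {
    echo "<a href='?page={$i}'>{$i}</a> ";
}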






