Implementing private messaging in PHP
Basic steps for implementing private messaging
A private messaging feature normally covers sending, receiving and displaying messages between users. The following is a basic implementation:
Database design
Create two tables: users (the user table) and private_messages (the message table). An example structure for the message table (in practice also add an index on (recipient_id, is_read), since every inbox query filters on those columns):
CREATE TABLE private_messages (
id INT AUTO_INCREMENT PRIMARY KEY,
sender_id INT NOT NULL,
recipient_id INT NOT NULL,
message TEXT NOT NULL,
is_read BOOLEAN DEFAULT FALSE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (sender_id) REFERENCES users(id),
FOREIGN KEY (recipient_id) REFERENCES users(id)
);
Sending a private message
// Stores one message. Expects a connected PDO instance in the global $pdo;
// the prepared statement keeps user-supplied text out of the SQL string.
function sendPrivateMessage($senderId, $recipientId, $message) {
global $pdo;
$stmt = $pdo->prepare("INSERT INTO private_messages (sender_id, recipient_id, message) VALUES (?, ?, ?)");
return $stmt->execute([$senderId, $recipientId, $message]);
}
Fetching a user's messages
// Returns the inbox of $userId, newest first, with the sender's name joined in.
// $userId must be the logged-in user's id taken from the session.
function getUserMessages($userId) {
global $pdo;
$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name
FROM private_messages m
JOIN users u ON m.sender_id = u.id
WHERE m.recipient_id = ?
ORDER BY m.created_at DESC");
$stmt->execute([$userId]);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
Extending the private messaging feature
Marking a message as read

// Marks a message as read. The recipient id is part of the WHERE clause, so a user
// cannot mark messages addressed to someone else; pass the logged-in user's id
// from the session, never an id taken from the request.
function markAsRead($messageId, $userId) {
global $pdo;
$stmt = $pdo->prepare("UPDATE private_messages SET is_read = TRUE WHERE id = ? AND recipient_id = ?");
return $stmt->execute([$messageId, $userId]);
}
Unread message count
// fetchColumn() returns the count as a string on most drivers, so cast it.
function getUnreadCount($userId) {
global $pdo;
$stmt = $pdo->prepare("SELECT COUNT(*) FROM private_messages WHERE recipient_id = ? AND is_read = FALSE");
$stmt->execute([$userId]);
return (int) $stmt->fetchColumn();
}
Front-end implementation
A simple HTML form for sending a message. The recipient id is cast to an integer before it is echoed, and because the form changes state it should also carry a per-session anti-CSRF token that send_message.php verifies:
<form action="send_message.php" method="post">
<input type="hidden" name="recipient_id" value="<?= (int) $recipientId ?>">
<textarea name="message" required></textarea>
<button type="submit">Send</button>
</form>
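The send_message.php handler that the form above posts to is not shown on the page. The following is an added example (not the page's own code) of the checks it should perform before handing the values to the page's sendPrivateMessage(): session-based identity, an anti-CSRF token, strict validation of recipient_id, and a length limit on the message. It assumes the logged-in user's id is stored in $_SESSION['user_id'] and that the form carries an extra hidden csrf_token field filled from csrfToken() (an assumed addition, not present in the form above). The validation is written as a pure function of the session and POST arrays so it can be run from the command line against constructed input, as the demo at the bottom does.

```php
<?php
// Added example: request handling for send_message.php. Assumes the session
// holds the logged-in user's id in 'user_id' and a 'csrf_token' created by
// csrfToken(); the form is assumed to include <input type="hidden" name="csrf_token">.
declare(strict_types=1);

const MAX_MESSAGE_BYTES = 4000;

// Returns the per-session CSRF token, generating it on first use.
// In a real request call csrfToken($_SESSION) after session_start().
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Validates one submission. Returns ['ok' => true, 'sender_id', 'recipient_id', 'message']
// or ['ok' => false, 'error' => ...]. Written as a pure function of the session and
// POST arrays so it can be exercised without a web server.
function validateSendRequest(array $session, array $post): array
{
    // Identity comes from the session only; a sender_id in the POST body is ignored.
    if (!isset($session['user_id'])) {
        return ['ok' => false, 'error' => 'not logged in'];
    }
    $senderId = (int) $session['user_id'];

    // Anti-CSRF: the token must match the one issued to this session.
    // hash_equals() compares in constant time and, unlike ==, never applies
    // PHP's loose string-to-number comparison.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return ['ok' => false, 'error' => 'invalid CSRF token'];
    }

    // recipient_id must be a positive integer; FILTER_VALIDATE_INT rejects
    // "12 OR 1=1", "1e3", "12abc" and similar instead of silently truncating.
    $recipientId = filter_var($post['recipient_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($recipientId === false) {
        return ['ok' => false, 'error' => 'invalid recipient'];
    }
    if ($recipientId === $senderId) {
        return ['ok' => false, 'error' => 'cannot message yourself'];
    }
    // Whether the recipient exists is left to the FOREIGN KEY on recipient_id:
    // with PDO::ERRMODE_EXCEPTION the INSERT throws for an unknown id.

    $message = $post['message'] ?? '';
    if (!is_string($message)) {
        return ['ok' => false, 'error' => 'invalid message'];
    }
    $message = trim($message);
    if ($message === '' || strlen($message) > MAX_MESSAGE_BYTES) {
        return ['ok' => false, 'error' => 'message empty or too long'];
    }

    return ['ok' => true, 'sender_id' => $senderId, 'recipient_id' => $recipientId, 'message' => $message];
}

// Demo with constructed session and POST arrays (no web server needed).
$session = ['user_id' => 7];
$token = csrfToken($session);

$requests = [
    'forged token'  => ['recipient_id' => '12', 'message' => 'hi', 'csrf_token' => 'guess'],
    'injected id'   => ['recipient_id' => '12 OR 1=1', 'message' => 'hi', 'csrf_token' => $token],
    'self-send'     => ['recipient_id' => '7', 'message' => 'hi', 'csrf_token' => $token],
    'valid request' => ['recipient_id' => '12', 'message' => '  hello bob  ', 'csrf_token' => $token],
];
foreach ($requests as $label => $post) {
    $result = validateSendRequest($session, $post);
    echo str_pad($label, 14), ': ', $result['ok']
        ? 'accepted, would call sendPrivateMessage(' . $result['sender_id'] . ', '
            . $result['recipient_id'] . ', "' . $result['message'] . '")'
        : 'rejected (' . $result['error'] . ')', PHP_EOL;
}
```

In the real handler the accepted tuple is passed straight to sendPrivateMessage(); the rejected cases should get a 4xx response rather than a silent redirect, so that a broken token on a legitimate form is visible during development.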
Displaying the message list (every value that came from the database is passed through htmlspecialchars() before it is printed):

foreach ($messages as $message) {
echo '<div class="message' . ($message['is_read'] ? '' : ' unread') . '">';
echo '<p>From: ' . htmlspecialchars($message['sender_name']) . '</p>';
echo '<p>' . htmlspecialchars($message['message']) . '</p>';
echo '<small>' . htmlspecialchars($message['created_at']) . '</small>';
echo '</div>';
}
Security notes
Verify permissions so that a user can only read their own messages. The safest pattern is to pass the id from the session straight into getUserMessages() and never accept a recipient id from the request for reading; where a request parameter does have to be compared, cast both sides and compare strictly:
// Verify before fetching any messages
if (!isset($_SESSION['user_id']) || (int) $_SESSION['user_id'] !== (int) $recipientId) {
die('You are not allowed to view these messages');
}
Use prepared statements, as in the examples above, to prevent SQL injection, and escape output with htmlspecialchars() (with ENT_QUOTES, so values are also safe inside attributes) to prevent XSS. Note that prepared statements only keep user input out of the SQL syntax; they do nothing to stop a user from supplying someone else's id as a parameter, which is why every read and update of a message must also be filtered by the session user's id.
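The permission check above compares a request parameter against the session. The more robust pattern, which also covers reading or marking a single message by id, is to put the session user's id into the WHERE clause of every query, so that a message the user is not party to simply does not exist from their point of view. The following added example (not code from the page) shows the vulnerable id-only lookup next to the scoped version. It uses an in-memory SQLite database with constructed users and one message (an assumption made so the script runs stand-alone), which is why the column types differ slightly from the MySQL schema above.

```php
<?php
// Added example: insecure direct object reference on message ids, and the
// scoped queries that prevent it. Uses in-memory SQLite with constructed data
// (assumption) so it runs without a MySQL server.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE private_messages (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        sender_id INTEGER NOT NULL,
        recipient_id INTEGER NOT NULL,
        message TEXT NOT NULL,
        is_read INTEGER NOT NULL DEFAULT 0,
        created_at TEXT DEFAULT CURRENT_TIMESTAMP)');
    // Constructed sample data: alice (1) sends bob (2) a message; mallory (3) is an attacker.
    $pdo->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob'), (3, 'mallory')");
    $pdo->exec("INSERT INTO private_messages (sender_id, recipient_id, message)
                VALUES (1, 2, 'secret for bob')");
    return $pdo;
}

// Vulnerable pattern: the id alone selects the row, so any logged-in user can
// read any message by changing ?id= in the URL, even though the SQL itself
// is injection-safe.
function getMessageInsecure(PDO $pdo, int $messageId): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM private_messages WHERE id = ?');
    $stmt->execute([$messageId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened pattern: the session user's id is part of the WHERE clause, so a
// message the user is not party to returns no row, exactly like a missing id.
function getMessageForUser(PDO $pdo, int $messageId, int $userId): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM private_messages
                           WHERE id = ? AND (recipient_id = ? OR sender_id = ?)');
    $stmt->execute([$messageId, $userId, $userId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Only the recipient may mark a message read. The row count tells the caller
// whether anything changed, so a forged id is distinguishable from success.
function markAsReadForUser(PDO $pdo, int $messageId, int $userId): bool
{
    $stmt = $pdo->prepare('UPDATE private_messages SET is_read = 1
                           WHERE id = ? AND recipient_id = ? AND is_read = 0');
    $stmt->execute([$messageId, $userId]);
    return $stmt->rowCount() === 1;
}

$pdo = openDemoDb();
$messageId = 1;

// mallory (id 3) guesses the id of alice's message to bob
echo "insecure lookup as mallory: ", getMessageInsecure($pdo, $messageId) ? "leaked\n" : "denied\n";
echo "scoped lookup as mallory:   ", getMessageForUser($pdo, $messageId, 3) ? "leaked\n" : "denied\n";
echo "scoped lookup as bob:       ", getMessageForUser($pdo, $messageId, 2) ? "visible\n" : "denied\n";
echo "mark read as mallory:       ", markAsReadForUser($pdo, $messageId, 3) ? "updated\n" : "no-op\n";
echo "mark read as bob:           ", markAsReadForUser($pdo, $messageId, 2) ? "updated\n" : "no-op\n";
```

The scoped lookup returns null for both a non-existent id and a foreign one, which is deliberate: responding differently would let an attacker enumerate which message ids exist.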
Periodically purge old messages, for example from a scheduled job (on large tables delete in batches so the statement does not hold locks for long):
DELETE FROM private_messages WHERE created_at < DATE_SUB(NOW(), INTERVAL 1 YEAR);