Implementing a Blog System in PHP
Database design
Create MySQL tables to store the blog's content. The main tables are posts (articles), categories, users and comments. SQL for the core table:
-- categories and users must exist first, because posts references both
CREATE TABLE posts (
    id INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(255) NOT NULL,
    content TEXT NOT NULL,
    category_id INT,
    user_id INT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (category_id) REFERENCES categories(id),
    FOREIGN KEY (user_id) REFERENCES users(id)
);
Core functionality
Connect to the database with the PDO extension. Create a Database.php class to handle the connection:
class Database {
    private $host = 'localhost';
    private $db_name = 'blog_db';
    private $username = 'root';
    private $password = '';
    private $conn;

    // Open the PDO connection; returns null if the connection fails
    public function connect() {
        $this->conn = null;
        try {
            $this->conn = new PDO(
                'mysql:host='.$this->host.';dbname='.$this->db_name,
                $this->username,
                $this->password
            );
            // Throw exceptions on SQL errors instead of failing silently
            $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch(PDOException $e) {
            // Log the detail server-side; the message can reveal host and account names
            error_log('Connection Error: '.$e->getMessage());
            echo 'Connection Error';
        }
        return $this->conn;
    }
}
Post management module
Create a Post.php model class to handle CRUD operations on posts. Example method:

class Post {
    private $conn;
    private $table = 'posts';

    public function __construct($db) {
        $this->conn = $db;
    }

    // Return all posts, newest first, with category name and author
    public function read() {
        $query = 'SELECT p.*, c.name as category_name, u.username as author
                  FROM '.$this->table.' p
                  LEFT JOIN categories c ON p.category_id = c.id
                  LEFT JOIN users u ON p.user_id = u.id
                  ORDER BY p.created_at DESC';
        $stmt = $this->conn->prepare($query);
        $stmt->execute();
        return $stmt;
    }
}
User authentication
Implement user registration and login, using PHP's password_hash() to hash passwords:
class User {
    private $conn;

    public function __construct($db) {
        $this->conn = $db;
    }

    // Store the user with a bcrypt hash, never the plain-text password
    public function register($username, $password) {
        $hashed_password = password_hash($password, PASSWORD_BCRYPT);
        $query = 'INSERT INTO users (username, password) VALUES (:username, :password)';
        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':password', $hashed_password);
        return $stmt->execute();
    }

    // Check the credentials; session_start() must already have been called
    public function login($username, $password) {
        $query = 'SELECT * FROM users WHERE username = :username';
        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if($user && password_verify($password, $user['password'])) {
            // Issue a new session ID on login to prevent session fixation
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['id'];
            return true;
        }
        return false;
    }
}
Building the front end
Use the Bootstrap framework to build a responsive interface quickly. Create the base template files header.php and footer.php:

<!-- header.php -->
<!DOCTYPE html>
<html>
<head>
    <title>PHP Blog</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
        <div class="container">
            <a class="navbar-brand" href="index.php">PHP Blog</a>
        </div>
    </nav>
    <div class="container mt-4">
Routing
Create a simple routing mechanism to handle requests for different pages:
// index.php
// The request value only selects a case; the included paths are fixed strings
$page = isset($_GET['page']) ? $_GET['page'] : 'home';
switch($page) {
    case 'post':
        include 'views/post.php';
        break;
    case 'login':
        include 'views/login.php';
        break;
    default:
        include 'views/home.php';
}
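Security measures
Prevent SQL injection and XSS attacks. The prepared statements with bound parameters used in the model classes above keep user input out of the SQL text; the helper below HTML-escapes input against XSS: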
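function sanitizeInput($data) {
    // Strip leading and trailing whitespace
    $data = trim($data);
    // Remove backslashes (left over from legacy magic-quotes escaping)
    $data = stripslashes($data);
    // Escape HTML special characters, including both quote styles
    $data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
    return $data;
}
// Use when receiving user input
$title = sanitizeInput($_POST['title']);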
File upload handling
Implement image upload for posts:
if(isset($_FILES['image'])) {
    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["image"]["name"]);
    $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
    // Check the file extension
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
        echo "只允许JPG, JPEG, PNG文件"; // "Only JPG, JPEG and PNG files are allowed"
    } else {
        if(move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
            // Save the file path to the database
        }
    }
}
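The snippet above keeps the client-supplied file name and checks only its extension. The following hardened variant is an added example, not part of the original tutorial: it checks the upload error code and size, detects the type from the file contents with finfo, and stores the file under a server-generated name. The function name storeUploadedImage, the two constants and the 2 MB limit are assumptions made for illustration.

```php
<?php
// Added example. MAX_IMAGE_BYTES, ALLOWED_IMAGE_TYPES and
// storeUploadedImage() are hypothetical names, not from the tutorial.
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Validates one entry of $_FILES and moves it into $targetDir.
 * Returns the stored path, or throws RuntimeException.
 */
function storeUploadedImage(array $file, string $targetDir = 'uploads/'): string
{
    // Reject failed uploads and multi-file fields (error is an array there).
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Detect the type from the file contents. The client-supplied name
    // and $_FILES[...]['type'] are both controlled by the sender.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('Only JPG, JPEG and PNG files are allowed');
    }
    // Server-generated name: no path traversal, no overwriting of existing
    // files, and the extension comes from the detected type only.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $path = rtrim($targetDir, '/') . '/' . $name;
    // move_uploaded_file() refuses files that did not arrive via HTTP POST.
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new RuntimeException('Could not store file');
    }
    return $path;
}

if (isset($_FILES['image'])) {
    try {
        $imagePath = storeUploadedImage($_FILES['image']);
        // Save $imagePath to the database with a prepared statement.
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Configuring the web server so that nothing under uploads/ is executed as PHP, or keeping the directory outside the web root, adds a further layer that this code does not cover.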





