用PHP实现论坛功能

yyf198905252025-12-30 11:04

数据库连接

php 复制代码 
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "forum_db";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
?>
用户注册
php 复制代码 
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['register'])) {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    
    $sql = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
    
    if ($conn->query($sql) === TRUE) {
        echo "Registration successful";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
}
?>
用户登录
php 复制代码 
<?php
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    $sql = "SELECT * FROM users WHERE username='$username'";
    $result = $conn->query($sql);
    
    if ($result->num_rows > 0) {
        $row = $result->fetch_assoc();
        if (password_verify($password, $row['password'])) {
            $_SESSION['user_id'] = $row['id'];
            $_SESSION['username'] = $row['username'];
            echo "Login successful";
        } else {
            echo "Invalid password";
        }
    } else {
        echo "User not found";
    }
}
?>
创建帖子
php 复制代码 
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['create_post'])) {
    $title = $_POST['title'];
    $content = $_POST['content'];
    $user_id = $_SESSION['user_id'];
    
    $sql = "INSERT INTO posts (title, content, user_id) VALUES ('$title', '$content', '$user_id')";
    
    if ($conn->query($sql) === TRUE) {
        echo "Post created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
}
?>
显示帖子列表
php 复制代码 
<?php
$sql = "SELECT posts.*, users.username FROM posts JOIN users ON posts.user_id = users.id ORDER BY created_at DESC";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) {
        echo "<h3>" . $row['title'] . "</h3>";
        echo "<p>By: " . $row['username'] . "</p>";
        echo "<p>" . $row['content'] . "</p>";
        echo "<hr>";
    }
} else {
    echo "No posts yet";
}
?>
添加回复
php 复制代码 
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['add_reply'])) {
    $post_id = $_POST['post_id'];
    $content = $_POST['content'];
    $user_id = $_SESSION['user_id'];
    
    $sql = "INSERT INTO replies (post_id, content, user_id) VALUES ('$post_id', '$content', '$user_id')";
    
    if ($conn->query($sql) === TRUE) {
        echo "Reply added successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
}
?>
显示回复
php 复制代码 
<?php
if (isset($_GET['post_id'])) {
    $post_id = $_GET['post_id'];
    $sql = "SELECT replies.*, users.username FROM replies JOIN users ON replies.user_id = users.id WHERE post_id=$post_id ORDER BY created_at ASC";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            echo "<p>" . $row['username'] . " said:</p>";
            echo "<p>" . $row['content'] . "</p>";
            echo "<hr>";
        }
    } else {
        echo "No replies yet";
    }
}
?>

数据库表结构

sql 复制代码 
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    email VARCHAR(100) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE posts (
    id INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(255) NOT NULL,
    content TEXT NOT NULL,
    user_id INT NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id)
);

CREATE TABLE replies (
    id INT AUTO_INCREMENT PRIMARY KEY,
    post_id INT NOT NULL,
    content TEXT NOT NULL,
    user_id INT NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (post_id) REFERENCES posts(id),
    FOREIGN KEY (user_id) REFERENCES users(id)
);

安全注意事项

  • 使用预处理语句防止SQL注入
  • 对所有用户输入进行验证和过滤
  • 实现CSRF保护
  • 对密码进行哈希存储
  • 实现适当的错误处理
相关推荐
shizhenshide10 小时前
社交媒体自动化:批量注册/发帖的验证码难题一站式解决
自动化·php·媒体·验证码·ezcaptcha
zwtahql12 小时前
php源码级别调试
开发语言·php
Jerry_Gao92115 小时前
【成长笔记】【web安全】深入Web安全与PHP底层:四天实战课程笔记
笔记·安全·web安全·php·漏洞
遗悲风15 小时前
PHP伪协议全面解析:原理、常用场景、攻防实战与安全防护
android·安全·php
niaiheni15 小时前
PHP文件包含
开发语言·php
无名的小三轮16 小时前
第二章 信息安全概述
开发语言·php
吃不吃早饭16 小时前
深入浅出:HTTPS 安全机制 + PHP 文件包含与伪协议全解析
安全·https·php
无名的小三轮17 小时前
第三章 防火墙概述
开发语言·php
明天…ling19 小时前
php底层原理与安全漏洞实战
开发语言·php
肥硕之虎19 小时前
从原理到实操:php://filter 伪协议玩转文件包含漏洞
开发语言·网络安全·php
热门推荐
01GitHub 镜像站点022025 Telegram 最新免费社工库机器人(LetsTG可[特殊字符])搭建指南(含 Python 脚本)03OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)04Linux下V2Ray安装配置指南05UV安装并设置国内源06安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)07AI 规范驱动开发“三剑客”深度对比:Spec-Kit、Kiro 与 OpenSpec 实战指南08Labelme从安装到标注:零基础完整指南09Claude Code Skills 实用使用手册10BongoCat - 跨平台键盘猫动画工具