数据库连接
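<?php
// Database connection shared by the snippets below (they all use $conn).
// The literal credentials are placeholders; a deployment should load them from
// configuration kept outside the web root rather than from this script.
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "forum_db";

try {
    $conn = new mysqli($servername, $username, $password, $dbname);
} catch (mysqli_sql_exception $e) {
    // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) a failed connect throws
    // instead of setting connect_error, so the check below alone is not enough.
    error_log("Database connection failed: " . $e->getMessage());
    die("Connection failed");
}
if ($conn->connect_error) {
    // Log the driver message server-side only: it can reveal the host, the DB
    // user and schema details, none of which belong in the HTTP response.
    error_log("Database connection failed: " . $conn->connect_error);
    die("Connection failed");
}
// Fix the connection charset explicitly; the tables store free text and a
// client/server charset mismatch corrupts non-ASCII input.
$conn->set_charset("utf8mb4");
?>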
用户注册
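<?php
// Registration handler: runs when the form posts a "register" field.
// Requires $conn (mysqli) from the connection snippet.
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['register'])) {
    $username = trim((string) ($_POST['username'] ?? ''));
    $email = trim((string) ($_POST['email'] ?? ''));
    $plainPassword = (string) ($_POST['password'] ?? '');

    // users.username / email / password are NOT NULL in the schema; reject blanks
    // and a malformed address here instead of letting the INSERT fail or store junk.
    if ($username === '' || $plainPassword === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo "Error: username, valid email and password are required";
    } else {
        $password = password_hash($plainPassword, PASSWORD_DEFAULT);
        $ok = false;
        try {
            // Parameterised INSERT: the submitted values are bound, not spliced into
            // the SQL text, so quotes in a username or email cannot alter the statement.
            $stmt = $conn->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
            if ($stmt === false) {
                error_log("Registration prepare failed: " . $conn->error);
            } else {
                $stmt->bind_param("sss", $username, $email, $password);
                $ok = $stmt->execute();
                if (!$ok) {
                    // Typical cause: a duplicate username or email hitting the UNIQUE keys.
                    error_log("Registration execute failed: " . $stmt->error);
                }
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) mysqli throws
            // instead of returning false.
            error_log("Registration failed: " . $e->getMessage());
        }
        // The SQL text and the driver message stay in the server log; the
        // response only reports success or failure.
        echo $ok ? "Registration successful" : "Error: registration failed";
    }
}
?>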
用户登录
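<?php
session_start();
// Login handler: runs when the form posts a "login" field. Requires $conn.
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['login'])) {
    $username = (string) ($_POST['username'] ?? '');
    $password = (string) ($_POST['password'] ?? '');

    $row = null;
    try {
        // Parameterised lookup: the username is bound, never interpolated into SQL.
        // Only the columns this block reads are selected.
        $stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?");
        if ($stmt === false) {
            error_log("Login prepare failed: " . $conn->error);
        } else {
            $stmt->bind_param("s", $username);
            if ($stmt->execute()) {
                $result = $stmt->get_result();
                if ($result !== false) {
                    $row = $result->fetch_assoc();
                    $result->free();
                }
            } else {
                error_log("Login execute failed: " . $stmt->error);
            }
            $stmt->close();
        }
    } catch (mysqli_sql_exception $e) {
        // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) mysqli throws
        // instead of returning false.
        error_log("Login query failed: " . $e->getMessage());
    }

    if (is_array($row) && password_verify($password, $row['password'])) {
        // Issue a fresh session id at login so an id fixed before authentication
        // does not carry over into the authenticated session.
        session_regenerate_id(true);
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        echo "Login successful";
    } else {
        // One message for both "unknown user" and "wrong password", so the
        // response does not confirm which usernames exist.
        echo "Invalid username or password";
    }
}
?>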
创建帖子
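<?php
// New-post handler: runs when the form posts a "create_post" field.
// Requires $conn and an active session (session_start() is called in the login snippet).
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['create_post'])) {
    if (!isset($_SESSION['user_id'])) {
        // Only logged-in users may post; for an anonymous request
        // $_SESSION['user_id'] is undefined and the INSERT would have no valid author.
        echo "Error: you must be logged in to create a post";
    } else {
        $title = trim((string) ($_POST['title'] ?? ''));
        $content = trim((string) ($_POST['content'] ?? ''));
        $user_id = (int) $_SESSION['user_id'];

        // posts.title and posts.content are NOT NULL; reject blanks up front.
        if ($title === '' || $content === '') {
            echo "Error: title and content are required";
        } else {
            $ok = false;
            try {
                // Parameterised INSERT; user_id is bound as an integer (posts.user_id is INT).
                $stmt = $conn->prepare("INSERT INTO posts (title, content, user_id) VALUES (?, ?, ?)");
                if ($stmt === false) {
                    error_log("Post prepare failed: " . $conn->error);
                } else {
                    $stmt->bind_param("ssi", $title, $content, $user_id);
                    $ok = $stmt->execute();
                    if (!$ok) {
                        error_log("Post execute failed: " . $stmt->error);
                    }
                    $stmt->close();
                }
            } catch (mysqli_sql_exception $e) {
                // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) mysqli throws
                // instead of returning false.
                error_log("Post insert failed: " . $e->getMessage());
            }
            // Driver errors and the SQL text go to the log, not to the browser.
            echo $ok ? "Post created successfully" : "Error: could not create post";
        }
    }
}
?>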
显示帖子列表
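<?php
// Lists every post with its author, newest first. Requires $conn.
// Both posts and users define a created_at column, so the ORDER BY column is
// qualified; an unqualified "created_at" is rejected by MySQL as ambiguous.
$sql = "SELECT posts.*, users.username FROM posts JOIN users ON posts.user_id = users.id ORDER BY posts.created_at DESC";
$result = false;
try {
    $result = $conn->query($sql);
    if ($result === false) {
        error_log("Post listing failed: " . $conn->error);
    }
} catch (mysqli_sql_exception $e) {
    // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) mysqli throws
    // instead of returning false.
    error_log("Post listing failed: " . $e->getMessage());
}

if ($result === false) {
    echo "Could not load posts";
} elseif ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // Title, author and body are user-supplied text rendered into HTML;
        // escape for that context so markup in a post is shown, not interpreted.
        echo "<h3>" . htmlspecialchars($row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</h3>";
        echo "<p>By: " . htmlspecialchars($row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
        echo "<p>" . htmlspecialchars($row['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
        echo "<hr>";
    }
    $result->free();
} else {
    echo "No posts yet";
}
?>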
添加回复
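<?php
// Reply handler: runs when the form posts an "add_reply" field.
// Requires $conn and an active session (session_start() is called in the login snippet).
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['add_reply'])) {
    if (!isset($_SESSION['user_id'])) {
        // Only logged-in users may reply; for an anonymous request
        // $_SESSION['user_id'] is undefined and the INSERT would have no valid author.
        echo "Error: you must be logged in to reply";
    } else {
        // replies.post_id is INT; anything that is not an integer is rejected
        // before it gets anywhere near the SQL.
        $post_id = filter_var($_POST['post_id'] ?? null, FILTER_VALIDATE_INT);
        $content = trim((string) ($_POST['content'] ?? ''));
        $user_id = (int) $_SESSION['user_id'];

        if ($post_id === false || $content === '') {
            echo "Error: post id and content are required";
        } else {
            $ok = false;
            try {
                // Parameterised INSERT; ids are bound as integers, content as a string.
                $stmt = $conn->prepare("INSERT INTO replies (post_id, content, user_id) VALUES (?, ?, ?)");
                if ($stmt === false) {
                    error_log("Reply prepare failed: " . $conn->error);
                } else {
                    $stmt->bind_param("isi", $post_id, $content, $user_id);
                    $ok = $stmt->execute();
                    if (!$ok) {
                        // Includes a post_id that violates the FOREIGN KEY to posts(id).
                        error_log("Reply execute failed: " . $stmt->error);
                    }
                    $stmt->close();
                }
            } catch (mysqli_sql_exception $e) {
                // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) mysqli throws
                // instead of returning false.
                error_log("Reply insert failed: " . $e->getMessage());
            }
            // Driver errors and the SQL text go to the log, not to the browser.
            echo $ok ? "Reply added successfully" : "Error: could not add reply";
        }
    }
}
?>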
显示回复
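<?php
// Shows the replies for one post (?post_id=N), oldest first. Requires $conn.
if (isset($_GET['post_id'])) {
    // replies.post_id is INT; validate here and bind below, never interpolate.
    $post_id = filter_var($_GET['post_id'], FILTER_VALIDATE_INT);
    if ($post_id === false) {
        echo "Invalid post id";
    } else {
        $rows = null;
        try {
            // Both replies and users define created_at, so the ORDER BY column is
            // qualified; an unqualified "created_at" is rejected by MySQL as ambiguous.
            $stmt = $conn->prepare("SELECT replies.*, users.username FROM replies JOIN users ON replies.user_id = users.id WHERE replies.post_id = ? ORDER BY replies.created_at ASC");
            if ($stmt === false) {
                error_log("Reply listing prepare failed: " . $conn->error);
            } else {
                $stmt->bind_param("i", $post_id);
                if ($stmt->execute()) {
                    $result = $stmt->get_result();
                    if ($result !== false) {
                        // Buffer the rows before closing the statement.
                        $rows = $result->fetch_all(MYSQLI_ASSOC);
                        $result->free();
                    }
                } else {
                    error_log("Reply listing execute failed: " . $stmt->error);
                }
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            // Under MYSQLI_REPORT_STRICT (the PHP 8.1+ default) mysqli throws
            // instead of returning false.
            error_log("Reply listing failed: " . $e->getMessage());
        }

        if ($rows === null) {
            echo "Could not load replies";
        } elseif (count($rows) > 0) {
            foreach ($rows as $row) {
                // Author and body are user-supplied text rendered into HTML;
                // escape for that context so markup in a reply is shown, not interpreted.
                echo "<p>" . htmlspecialchars($row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " said:</p>";
                echo "<p>" . htmlspecialchars($row['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
                echo "<hr>";
            }
        } else {
            echo "No replies yet";
        }
    }
}
?>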
数据库表结构
-- Accounts. "password" stores a password_hash() result, hence VARCHAR(255).
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    email VARCHAR(100) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Top-level posts; user_id is the author.
CREATE TABLE posts (
    id INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(255) NOT NULL,
    content TEXT NOT NULL,
    user_id INT NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (user_id) REFERENCES users(id)
);

-- Replies to a post; post_id is the parent post, user_id the author.
CREATE TABLE replies (
    id INT AUTO_INCREMENT PRIMARY KEY,
    post_id INT NOT NULL,
    content TEXT NOT NULL,
    user_id INT NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (post_id) REFERENCES posts(id),
    FOREIGN KEY (user_id) REFERENCES users(id)
);
安全注意事项
- 使用预处理语句防止SQL注入
- 对所有用户输入进行验证和过滤
- 实现CSRF保护
- 对密码进行哈希存储
- 实现适当的错误处理