Your PHP code contains multiple vulnerabilities, and the most critical among them is an SQL Injection vulnerability. Here's a breakdown of the issues and how to fix them:
1. SQL Injection Vulnerability
Vulnerable Code:
$post_id = $_GET['id'];
$query = "SELECT * FROM blog_posts WHERE id = '$post_id'";
$result = mysqli_query($con,$query);
Why It’s Dangerous:
This code directly inserts user input ($_GET['id']) into the SQL query without sanitization or prepared statements. An attacker could craft a malicious URL like:
edit-post.php?id=1' OR '1'='1
Which would result in:
SELECT * FROM blog_posts WHERE id = '1' OR '1'='1'
And potentially dump all posts or allow further exploitation.
✅ Fix:
Use prepared statements to sanitize user input:
if (isset($_GET['id'])) {
$post_id = $_GET['id'];
$stmt = $con->prepare("SELECT * FROM blog_posts WHERE id = ?");
$stmt->bind_param("i", $post_id);
$stmt->execute();
$result = $stmt->get_result();
2. Cross-Site Scripting (XSS)
Vulnerable Code:
<input type="text" value="<?php echo $postTitle; ?>" name="postTitle" ...>
You're directly outputting user-generated content into HTML without escaping it.
✅ Fix:
Use htmlspecialchars() when echoing user input:
<input type="text" value="<?php echo htmlspecialchars($postTitle); ?>" name="postTitle" ...>
Do this for all echoed variables coming from the database: $description, $content, $catinfo.
3. Lack of CSRF Protection
You're performing a sensitive action (Update Post) without validating a CSRF token. An attacker could trick a logged-in user into submitting a malicious post update.
✅ Fix:
- Generate a CSRF token in the session.
- Embed it as a hidden field in the form.
- Validate it on form submission.
4. Error Information Disclosure
In this part:
echo '<div class="text-center alert bg-danger ...">Error, post info retrive failed, try again</span></div>';
It’s not critical now, but in a production environment, avoid displaying detailed error messages that might help an attacker infer internal logic.
Your PHP code contains multiple vulnerabilities, and the most critical among them is an SQL Injection vulnerability. Here's a breakdown of the issues and how to fix them:
1. SQL Injection Vulnerability
Vulnerable Code:
Why It’s Dangerous:
This code directly inserts user input (
$_GET['id']) into the SQL query without sanitization or prepared statements. An attacker could craft a malicious URL like:Which would result in:
And potentially dump all posts or allow further exploitation.
✅ Fix:
Use prepared statements to sanitize user input:
2. Cross-Site Scripting (XSS)
Vulnerable Code:
You're directly outputting user-generated content into HTML without escaping it.
✅ Fix:
Use
htmlspecialchars()when echoing user input:Do this for all echoed variables coming from the database:
$description,$content,$catinfo.3. Lack of CSRF Protection
You're performing a sensitive action (
Update Post) without validating a CSRF token. An attacker could trick a logged-in user into submitting a malicious post update.✅ Fix:
4. Error Information Disclosure
In this part:
It’s not critical now, but in a production environment, avoid displaying detailed error messages that might help an attacker infer internal logic.