if (isset($_SESSION['last_cart_action']) && (time() - $_SESSION['last_cart_action']) < 0.5) header('HTTP/1.1 429 Too Many Requests'); exit;
The attacker crafts add-cart.php?num=12 AND 1=2 UNION SELECT database()-- - . The cart page inadvertently displays the database name (e.g., "vintage_store_db") because the product name lookup fails and falls back to the error message. add-cart.php num
$product_id = filter_input(INPUT_POST, 'product_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]); $quantity = filter_input(INPUT_POST, 'quantity', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 99]]); if (!$product_id || !$quantity) http_response_code(400); die('Invalid request'); Never trust user input
$_SESSION['last_cart_action'] = time(); Use this checklist to test if your add-cart.php script is secure. And for the love of security, move away from raw add-cart
Never trust user input. Always validate data types. Never use GET requests to modify state. And for the love of security, move away from raw add-cart.php scripts and toward modern, token-authenticated POST endpoints.
// In the form that calls add-cart $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">'; // In add-cart.php if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) die('CSRF attack detected');
In the world of e-commerce development, few scripts are as ubiquitous—and as notoriously vulnerable—as add-cart.php . At first glance, it seems harmless: a simple backend handler that adds a product to a user’s shopping cart. But when you see a URL like https://example.com/add-cart.php?num=1 , alarms should go off for any experienced developer.