Learn by Directing AI
All materials

product.php

phpproduct.php
<?php
require_once 'includes/db.php';
require_once 'includes/config.php';

$id = isset($_GET['id']) ? $_GET['id'] : 1;

// VULNERABLE: SQL injection via product ID parameter
$product = query_db("SELECT * FROM products WHERE id = $id")->fetch_assoc();
$reviews = query_db("SELECT * FROM reviews WHERE product_id = $id ORDER BY created_at DESC");

// Handle review submission
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['review_content'])) {
    $author = $_POST['author'];
    $content = $_POST['review_content'];
    // DELIBERATELY VULNERABLE: stored XSS - review content stored without sanitization
    $stmt = "INSERT INTO reviews (product_id, author, content, created_at) VALUES ($id, '$author', '$content', NOW())";
    query_db($stmt);
    header("Location: product.php?id=$id");
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title><?php echo $product['name']; ?> - <?php echo $site_name; ?></title>
    <style>
        body { font-family: Georgia, serif; margin: 0; padding: 0; background: #faf8f5; color: #333; }
        header { background: #8b6914; color: white; padding: 20px; text-align: center; }
        nav { background: #6b5010; padding: 10px; text-align: center; }
        nav a { color: white; text-decoration: none; margin: 0 15px; }
        .content { max-width: 800px; margin: 20px auto; padding: 0 20px; }
        .product-detail { background: white; border: 1px solid #ddd; padding: 20px; margin: 20px 0; }
        .reviews { margin-top: 30px; }
        .review { background: white; border: 1px solid #ddd; padding: 15px; margin: 10px 0; }
        .review-form { background: #f0ead6; padding: 20px; margin-top: 20px; }
        .review-form textarea { width: 100%; height: 80px; }
        .review-form input, .review-form button { padding: 8px 15px; margin: 5px 0; }
        .review-form button { background: #8b6914; color: white; border: none; cursor: pointer; }
    </style>
</head>
<body>
    <header>
        <h1><?php echo $site_name; ?></h1>
    </header>
    <nav>
        <a href="index.php">Shop</a>
        <a href="admin/">Admin</a>
        <a href="search.php">Search</a>
    </nav>
    <div class="content">
        <div class="product-detail">
            <h2><?php echo $product['name']; ?></h2>
            <p><?php echo $product['description']; ?></p>
            <p><strong>Price: &euro;<?php echo number_format($product['price'], 2); ?></strong></p>
        </div>

        <div class="reviews">
            <h3>Customer Reviews</h3>
            <?php if ($reviews && $reviews->num_rows > 0): ?>
                <?php while ($review = $reviews->fetch_assoc()): ?>
                <div class="review">
                    <strong><?php echo $review['author']; ?></strong>
                    <span style="color: #999; font-size: 0.9em;"> - <?php echo $review['created_at']; ?></span>
                    <!-- VULNERABLE: stored XSS - review content rendered without encoding -->
                    <p><?php echo $review['content']; ?></p>
                </div>
                <?php endwhile; ?>
            <?php else: ?>
                <p>No reviews yet. Be the first to review this product.</p>
            <?php endif; ?>

            <div class="review-form">
                <h4>Leave a Review</h4>
                <form method="POST">
                    <input type="text" name="author" placeholder="Your name" required><br>
                    <textarea name="review_content" placeholder="Write your review..." required></textarea><br>
                    <button type="submit">Submit Review</button>
                </form>
            </div>
        </div>
    </div>
</body>
</html>