diff --git a/www/mysql_adapter.php b/www/mysql_adapter.php
index bbb5b05..324a767 100644
--- a/www/mysql_adapter.php
+++ b/www/mysql_adapter.php
@@ -29,6 +29,21 @@ class MySQLAdapter {
 }
 }
+ function _sanitize_path($post_path) {
+ $post_path = chop($post_path, '/');
+
+ if($post_path == "") {
+ return "";
+ }
+
+ if(!preg_match('/^(?:\/[\w-]+)+(?:\.[\w-]+)*$/', $post_path)) {
+ echo "Post path match against " . $post_path . " failed!";
+ die();
+ }
+
+ return $post_path;
+ }
+
 function _exec($qery, $argtypes, ...$args) {
 $stmt = $this->raw->prepare($qery);
 $stmt->bind_param($argtypes, ...$args);
@@ -53,7 +68,7 @@ class MySQLAdapter {
 }
 function bump_post($post_path, $post_metadata = [], $create_dirs = true) {
- $post_path = chop($post_path, '/');
+ $post_path = $this->_sanitize_path($post_path);
 $path_depth = substr_count($post_path, "/");
 if($create_dirs) {
@@ -89,7 +104,7 @@ class MySQLAdapter {
 }
 function update_or_create_post($post_path, $post_metadata, $post_content) {
- $post_path = chop($post_path, '/');
+ $post_path = $this->_sanitize_path($post_path);
 $path_depth = substr_count($post_path, "/");
 $this->make_post_directory(dirname($post_path));
@@ -109,6 +124,7 @@ class MySQLAdapter {
 }
 function get_settings_for_path($post_path) {
+ $post_path = $this->_sanitize_path($post_path);
 $qry = "
 WITH RECURSIVE settings_data (post_path, post_depth, json_settings) AS (
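Review bot: The rejection branch of `_sanitize_path` in the first hunk echoes the rejected, caller-supplied `$post_path` into the response unescaped and then calls `die()`, so every caller converted in this commit (bump_post, update_or_create_post, get_settings_for_path, get_post_by_path, get_subposts_by_path, save_markdown_post) now terminates the request from inside the database adapter with the raw input in the body. Replace the `echo`/`die()` pair with `throw new \InvalidArgumentException('Invalid post path');` and let the endpoint map that to a client error without reflecting the value. The `$` anchor also permits a trailing newline, so `"/a/b\n"` passes the check and is returned with the newline intact — use `'/^(?:\/[\w-]+)+(?:\.[\w-]+)*$/D'` (or `\z`) to anchor at the true end. The `== ""` comparison should be `=== ''`, and since the function validates rather than rewrites its input, a name such as `_validate_path` would describe it more accurately.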
@@ -146,15 +162,19 @@ class MySQLAdapter {
 }
 function get_post_by_path($post_path,
- $with_subposts = true, $with_settings = true) {
+ $with_subposts = false, $with_settings = true) {
 $qry = "SELECT * FROM posts WHERE post_path = ?";
- $post_path = chop($post_path, '/');
+ $post_path = $this->_sanitize_path($post_path);
 $post_data = $this->_exec($qry, "s", $post_path)->fetch_assoc();
 $post_data = $this->_normalize_post_data($post_data);
 $post_data['post_path'] = $post_path;
+
+ if(!$post_data['found']) {
+ return $post_data;
+ }
 if($with_subposts) {
 $post_data['subposts'] = $this->get_subposts_by_path($post_path);
@@ -169,7 +189,7 @@ class MySQLAdapter {
 function get_subposts_by_path($path) {
 global $sql;
- $path = chop($path, '/');
+ $path = $this->_sanitize_path($path);
 $path_depth = substr_count($path, "/");
diff --git a/www/post_adapter.php b/www/post_adapter.php
index bb6111a..06babc7 100644
--- a/www/post_adapter.php
+++ b/www/post_adapter.php
@@ -64,7 +64,7 @@ class PostHandler extends MySQLAdapter {
 function save_markdown_post($post_path, $post_data) {
 $frontmatter_post = YamlFrontMatter::parse($post_data);
- $post_path = chop($post_path, '/');
+ $post_path = $this->_sanitize_path($post_path);
 $post_content = $frontmatter_post->body();
 $post_metadata = $frontmatter_post->matter();
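Review bot: The default of `$with_subposts` in get_post_by_path flips from `true` to `false`, which silently changes the result shape for every existing call site that omits the argument; if that is intended, record it in a docblock such as `@param bool $with_subposts Include 'subposts' in the result (default false)` and check callers that read `$post_data['subposts']` unconditionally. The new early return reads `$post_data['found']`, which presumably is set by `_normalize_post_data()` even when `fetch_assoc()` yields `null` for a missing row — worth confirming, since otherwise the miss path this guard is meant to handle raises an undefined-index notice instead. The remainder of get_post_by_path continues outside the hunk.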
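Review bot: In save_markdown_post the path is validated only after `YamlFrontMatter::parse($post_data)` has already processed the request body, so a request with an invalid path still pays for the parse and, with `_sanitize_path`'s current `die()`, terminates mid-method. Move `$post_path = $this->_sanitize_path($post_path);` to the first statement of the method so the cheap check fails first. The method continues outside the hunk.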