diff --git a/internal/handlers/post_handler.go b/internal/handlers/post_handler.go
index 7c7ad4d..c2f0b8e 100644
--- a/internal/handlers/post_handler.go
+++ b/internal/handlers/post_handler.go
@@ -130,6 +130,11 @@ func (h *PostHandler) CreatePost(w http.ResponseWriter, r *http.Request) {
 url := security.SanitizeURL(req.URL)
 content := security.SanitizePostContent(req.Content)
 
+ if url == "" {
+ SendErrorResponse(w, "Invalid URL", http.StatusBadRequest)
+ return
+ }
+
 if title == "" && h.titleFetcher != nil {
 titleCtx, cancel := context.WithTimeout(r.Context(), 7*time.Second)
 defer cancel()
@@ -160,6 +165,16 @@ func (h *PostHandler) CreatePost(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ if len(title) > 200 {
+ SendErrorResponse(w, "Title must be at most 200 characters", http.StatusBadRequest)
+ return
+ }
+
+ if len(content) > 10000 {
+ SendErrorResponse(w, "Content must be at most 10000 characters", http.StatusBadRequest)
+ return
+ }
+
 post := &database.Post{
 Title: title,
 URL: url,
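Review bot: The new `if url == ""` guard in the first hunk relies entirely on `security.SanitizeURL` returning an empty string for every URL it rejects, and that function is not visible here, so the contract should be confirmed and stated at the call site, for example `// SanitizeURL returns "" when the URL is missing or fails validation`. The guard also answers a missing URL and a malformed one with the same "Invalid URL" message, and if posts without a link were accepted before this commit they are now refused. The context lines after the guard start a title fetch with a 7-second timeout, presumably against this same URL, so a non-empty result only shows the value survived sanitization; it is worth confirming that SanitizeURL or the fetcher restricts schemes and internal addresses before the server makes that request. CreatePost begins and continues outside the hunk.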
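Review bot: Both limits in the second hunk measure bytes while the error messages promise characters, because `len(title)` and `len(content)` return the UTF-8 byte length; a title of fewer than 200 non-ASCII characters can be rejected. Counting runes matches the message: `if utf8.RuneCountInString(title) > 200 {` and `if utf8.RuneCountInString(content) > 10000 {`, which needs `unicode/utf8` imported. These checks sit after the title-fetch block shown in the first hunk, so an oversized `content` is only refused once the outbound fetch has already run; the content check could move up next to the URL guard. If the fetched title is assigned to `title` (not visible here), a long page title would produce a 400 for text the user never typed, so truncating a fetched title may be preferable to rejecting it. The literals 200 and 10000 would read better as named constants shared with the message text.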