What actually affects max_input_vars in php.ini and what is a safe high value?

Question

What actually affects max_input_vars in php.ini and what is a safe high value?

I know that the php.ini value for max_input_varsdefault is 1000 (I am using version 5.6). My POST data was truncated, so I needed to increase the cost. And that solved my problem. When I change these values, I just would like to understand that this actually affects specifically.

If I send an array of data to my server, does this mean that it can contain only about 1000 elements? It seemed to me that the sum of my forms did not reach 1000 input fields, so I'm trying to find out what this number is for.

And what is the safe number I can go for? Will 10,000 be considered too high?

+4

php apache http-post

kenshin9 Feb 14 '17 at 22:27

source share

1 answer

Machavity · Answer 1 · 2017-02-14T22:39:22+0000

Basically this is what we like to call a “sanity check”. It limits requests to a reasonable level to prevent such denial of service attacks.

From the manual

How many input variables can be taken (the restriction applies to $ _GET, $ _POST and $ _COOKIE superglobal separately). Using this directive mitigates the possibility of denial of service attacks that use hash collisions. If there are more input variables than specified in this directive, E_WARNING is issued, and additional input variables are truncated from the request.

, , , , , . "" , . , PHP- .

What actually affects max_input_vars in php.ini and what is a safe high value?

More articles: