PHP behavior when post_max_size is exceeded

I understand that if the POST request exceeds post_max_size, the superglobals $_POST and $_FILES become empty.

I've seen a lot of discussion about how to detect this scenario, but none of it explains why the superglobals are empty. It seems strange to me to erase the POST data, forcing the user to retype the answers. Is this perhaps for security?

I'm also interested in other languages (Java, .NET). Do they behave the same?

thanks

+6
4 answers

If the array can only fit 50 indexes and you push 100, do you expect the remaining 50 to stay somewhere?

The same applies to this setting. Although there may be SOME POST data that can fit into the maximum size, having a part of the expected integer will cause much more problems than not having it at all. Right?

It is much easier to detect an EMPTY message than to detect an incomplete one.

I believe that is their rationale.

+2

To answer part of your second question: with .NET, if the POST is greater than maxRequestLength (part of the .NET configuration) but less than maxAllowedContentLength (part of the IIS configuration), you can create a custom HTTP module to get the part of the POST that went through.

Without a custom HTTP module, it will simply throw an exception. And you want maxRequestLength to be the limiting factor, otherwise IIS will handle it instead of .NET.

+1

I cannot speak for the developers, but this way the code is simpler. As the superglobals are prepared, they would have to make decisions about how to handle partial messages, which would inevitably lead to confusion for many people. There are also alternatives:

 $data = file_get_contents('php://input'); 

or looking at $HTTP_RAW_POST_DATA, although afaik, neither of them works with multipart/form-data.

0

This is a really frustrating and bizarre aspect of PHP code. Some say that this is a rather messy design, but hey, this is a problem that can be easily avoided - and, in any case, this is only to confirm how important UI design and data transfer are.

With forms that must exceed the ini settings (file uploads, lots of text, etc.), I always load things asynchronously into the tmp directory, which is cleaned daily. If the form is completed (now devoid of a large amount of its data), the files are transferred to permanent places.

You can always check if something went different by running the form processing method with something like:

 if (empty($_POST)) { /* show error to user */ }

0
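An `empty($_POST)` check alone cannot tell a form submitted with no fields from a body that PHP discarded for exceeding post_max_size. The following added example (not code from any of the answers above; the function names `ini_size_to_bytes` and `post_was_discarded` are hypothetical) compares the request's Content-Length with the configured limit to separate the two cases:

```php
<?php
// Added example: helper names are hypothetical, not from the page.

/** Convert a php.ini shorthand size ("8M", "512K", "1G", "1048576") to bytes. */
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;               // leading digits, e.g. 8 from "8M"
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024;        // fall through
        case 'm': $number *= 1024;        // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

/** True when the body was larger than post_max_size and PHP left the superglobals empty. */
function post_was_discarded(array $server, array $post, array $files, string $limit): bool
{
    $max = ini_size_to_bytes($limit);
    if ($max <= 0) {                      // a limit of 0 disables the check in PHP
        return false;
    }
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && $post === [] && $files === []
        && $length > $max;
}

if (PHP_SAPI !== 'cli') {
    // Web request: reject early with an explicit status instead of a silent empty form.
    if (post_was_discarded($_SERVER, $_POST, $_FILES, (string) ini_get('post_max_size'))) {
        http_response_code(413);          // Payload Too Large
        exit('The submitted form is larger than the server accepts.');
    }
} else {
    // Constructed sample requests, for running the file from the command line.
    $big   = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '9000000'];
    $empty = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '0'];
    var_dump(post_was_discarded($big, [], [], '8M'));
    var_dump(post_was_discarded($empty, [], [], '8M'));
}
```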

Source: https://habr.com/ru/post/900540/

