jbarreiros

Reputation: 1103

PHP behavior when post_max_size exceeded

I understand that if a POST request exceeds post_max_size, the $_POST and $_FILES superglobals become empty.

I've seen plenty of discussions about how to detect this scenario, but never an explanation of why the superglobals are empty. It seems really odd to me to wipe out the POST data, forcing the user to reenter their answers. Is it a security precaution perhaps?

Curious about other languages (Java, .NET). Do they behave similarly?

Thanks

Upvotes: 6

Views: 573

Answers (4)

gview

Reputation: 15371

I can't speak for the implementer, but the code is simpler that way. Since the superglobals are cooked, they would have to make decisions about how to handle partial posts, which would inevitably lead to confusion for many people. There are also the alternatives of:

$data = file_get_contents('php://input');

or looking at $HTTP_RAW_POST_DATA although afaik, neither of these work with multipart/form-data.

Upvotes: 0

Jason Palmer

Reputation: 731

If an array can only fit 50 indexes and you push 100, would you expect the other 50 to remain somewhere?

The same applies to this setting. Though there may be SOME POST data that can fit in the maximum size, having a piece of the expected whole would cause far more problems than having none at all. Right?

It's far easier to detect an EMPTY post than it is to detect an incomplete one.

I believe this is their rationale.

Upvotes: 2

hohner

Reputation: 11588

It's a really frustrating and bizarre facet of PHP's code. Some say it's quite sloppy design, but hey, it's a problem which can easily be avoided -- and, if anything, it's something which should only reaffirm how important UI and data transfer design is.

With forms which are bound to exceed ini settings (file uploads, lots of text, etc.) I always upload things asynchronously to a tmp directory which is wiped daily. If the form completes (now stripped of a lot of its data), the files are transferred into permanent locations.

You can always check if things have gone wrong by starting your form processing method with something like:

if(empty($_POST))
{
  // show error to user
}

Upvotes: 0
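
An added example, not part of any answer on this page: a bare `empty($_POST)` test also fires on ordinary GET requests, so this sketch compares the declared `Content-Length` with `post_max_size` before concluding that PHP discarded the body. The function names `ini_size_to_bytes` and `post_body_was_discarded` are hypothetical, and the code assumes the SAPI populates `$_SERVER['CONTENT_LENGTH']`.

```php
<?php
declare(strict_types=1);

// Convert a php.ini shorthand size ("8M", "512K", "1G", "1048576") to bytes.
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;               // leading digits, e.g. 8 from "8M"
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;        // fall through
        case 'M': $number *= 1024;        // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// True when the request declared a body larger than the limit and the
// superglobals arrived empty. $server is shaped like $_SERVER;
// $limitBytes <= 0 is treated as "no limit".
function post_body_was_discarded(array $server, array $post, array $files, int $limitBytes): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                     // an empty $_POST on GET is normal
    }
    $declared = (int) ($server['CONTENT_LENGTH'] ?? 0);
    return $limitBytes > 0
        && $declared > $limitBytes
        && $post === [] && $files === [];
}

// Guard at the top of a form handler.
$limit = ini_size_to_bytes((string) ini_get('post_max_size'));
if (post_body_was_discarded($_SERVER, $_POST, $_FILES, $limit)) {
    http_response_code(413);              // Payload Too Large
    error_log(sprintf('POST of %d bytes exceeded post_max_size (%d bytes)',
        (int) $_SERVER['CONTENT_LENGTH'], $limit));
    exit('The submitted form was too large.');
}

// Constructed sample values, so the check can be exercised from the CLI.
$sample = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '9000000'];
var_dump(post_body_was_discarded($sample, [], [], ini_size_to_bytes('8M')));
```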

Kenny Linsky

Reputation: 1776

To answer part of your second question, with .NET, if the POST is larger than maxRequestLength (part of the .NET configuration), but smaller than maxAllowedContentLength (part of the IIS configuration) you can create a custom HTTP module to get at the portion of the POST that came through.

Without the custom HTTP module, it'll just throw an exception. And you want maxRequestLength to be the limiting factor, otherwise IIS will deal with it instead of .NET.

Upvotes: 1
