Fields missing from POST in PHP? This could be why

So you have a webpage with a big form, with a large number of input fields, maybe loads of checkboxes or hidden inputs. The form POSTs to a PHP page… More »

Spread the love

So you have a webpage with a big form, with a large number of input fields, maybe loads of checkboxes or hidden inputs. The form POSTs to a PHP page which processes the data. Except, the PHP page is only receiving part of the form submission – some fields are simply missing from the POST.

Crazy, huh?

Well, maybe you’re not losing your mind after all.

Check your PHP version. I’ll lay odds it’s 5.3.9 or later.

The thing is, in PHP 5.3.9 a new environment variable was introduced to reduce PHP’s vulnerability to a certain kind of ‘Denial of Service’ (DoS) attack, by applying a maximum limit to the number of input fields which could be passed via a form POST. Any extra fields that would push the total number of fields above the limit are silently discarded.

The default limit is 1000, which may sound like a lot, but really isn’t, especially if your form is a datagrid-style editor, or maybe a WordPress admin form with extra metaboxes.

The solution? Add or edit a line in your php.ini file.

Open your php.ini file and look for a line that says max_input_vars = 1000. If it’s there, change the 1000 to a more reasonable value (for example, 10000). If it isn’t there, add the line max_input_vars = 10000 at the end of the file.

You can also see this variable and verify its value by doing a phpinfo() and then searching the resulting HTML page for max_input_vars.

On my local MAMP installation, my php.ini file was at /Applications/MAMP/bin/php/php5.3.14/conf/php.ini though of course your configuration may be different.

On a live server, you may not have access to php.ini – in which case, simply contact your hosting company and ask them to raise max_input_vars from 1000 to a more reasonable figure.

Helpful? Leave me a comment ?

Share Button
Facebook Comments
Spread the love

Posted by News Monkey