max_input_vars and serialized data

Question

I have a huge number of input elements on page which should be submitted to server via ajax.

I've created an array and were trying to send it, but I've got a php warning: "your PHP configuration limits the maximum number of fields to post in a form: 1000 for max_input_vars"

So, I decided to bypass this warning and modify all my huge array into a serialized string. As a result - warning disappear, but I steel getting truncated data on server side.

P.S. In both cases problem can be solved via increasing max_input_vars variable. But in the second one data truncates by parse_str($_POST['data'], $data) function!

Why does restriction of "max_input_vars" applied when I'm trying to parse a huge string?

Answer 1

A side-effect of "max_input_vars" setting is parse_str(). This function is also subjected to the limit specified by max_input_vars - which is not clearly documented.

Even the father of PHP, Rasmus Lerdorf, thinks that this is unintuitive.

Answer 2

You can change it in php.ini . The default limit is 1000. This is what the manual says.

How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately). Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an E_WARNING is issued, and further input variables are truncated from the request. This limit applies only to each nesting level of a multi-dimensional input array.

So basically it applies to each nesting level.

If thats not the case then try checking post_max_size that could also truncate the length of the content being posted.