I understand that if a POST request exceeds post_max_size, the $_POST and $_FILES superglobals become empty.
I've seen plenty of discussions about how to detect this scenario, but never an explanation of why the superglobals are empty. It seems really odd to me to wipe out the POST data, forcing the user to reenter their answers. Is it a security precaution perhaps?
Curious about other languages (java, .net). Do they behave similarly?
Thanks
The default PHP values are 2 MB for upload_max_filesize, and 8 MB for post_max_size. Depending on your host, changing these two PHP variables can be done in a number of places with the most likely being php. ini or . htaccess (depending on your hosting situation).
upload_max_filesize is the maximum size of an uploaded file. This is the limit for a SINGLE file. post_max_size, on the other hand, is the limit of the entire body of the request (which may include multiple files as well as other stuff).
If an array can only fit 50 indexes and you push 100, would you expect the other 50 to remain somewhere?
The same applies to this setting. Though there may be SOME POST data that can fit in the maximum size, having a piece of the expected whole would cause far more problems than having none at all. Right?
It's far easier to detect an EMPTY post than it is to detect an incomplete one.
I believe this is their rationale.
To answer part of your second question, with .NET, if the POST
is larger than maxRequestLength
(part of the .NET configuration), but smaller than maxAllowedContentLength
(part of the IIS configuration) you can create a custom HTTP module to get at the portion of the POST
that came through.
Without the custom HTTP module, it'll just throw an exception. And you want maxRequestLength
to be the limiting factor, otherwise IIS will deal with it instead of .NET.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With