max_input_fields: Why Your Long Forms are Being Chopped Off

If you don't keep your php.ini in sync with your PHP version you might be wondering why very large forms seem to be missing their bottom half when you go to analyse your $_POST array. Newer releases of PHP have a configuration directive called max_input_fields with a default value of 1000 which is meant to help reduce the risk of DoS.

I've seen it argued that forms with over 1000 fields can probably be organised a better way, and that's mostly true - but what happens when your software is a dynamically generated spreadsheet a la CSV verification and pre-processing?

You might want to take this as a cue to update your php.ini but it's also safe to drop

max_input_fields = 40960

or some other number reasonably tuned to your needs into your existing config.


There are no comments for this item.