I've come across a problem, which I can't seem to fix. I have a form (method="post" enctype="multipart/form-data") in which the user can choose some options. They
have the possibility to 'check all'. If they 'check all', they are checking about
2000+ boxes. To check if my form actually gets posted, I have the following (not so complex) code:
<?php
if(isset($_POST['bijwerken'])) {
echo "YIPPEE!!";
}
?>
Now, if I check all the boxes, I don't get any feedback. If I only select like 20 boxes, I do actually get feedback. What am I missing? The checkboxes are also generated by a script, with an echo :
echo " <input type=\"checkbox\" name=\"productsoorten[]\" value='" . $rowproductsoorten1[productsoort1] . "'> " . $rowproductsoorten1[productsoort1] . "<br />";
Would love the hear some good ideas!
Yes, there's actually a max_input_vars setting. The default value is 1000 and your post inputs won't work if the number of input fields are more than that.
Edit your php.ini file (usually at /etc/php5/apache2/php.ini if you're on a Unix system) and increase the limit:
max_input_vars = 5000
If you can't modify the php.ini file, you can add this to .htaccess:
php_value max_input_vars 5000
I'm sure most people would choose simplicity over better design and I'm not going to explain every detail on how I'd handle this. If you don't understand what I'm talking or don't want to make the extra effort to write this pseudo-code out then this solution probably isn't for you.
I'd compress this data before you POST. First take the checkboxes out of your form tag so they don't get posted (we'll be giving it out own data).
Second, when the user submits the form (now with just a button) run some JS which traverses your DOM and gathers all of your check data. It will need to create a long array and then it'll need to use a separate long to shift the active bit if the checkbox is selected only (start at 1 and double the value for each checkbox until it reaches >2147483647). I would stop at 31bits per group (even though JS uses 64bit longs; the shift ops don't work above 32; also, JS doesn't have unsigned variables so unless you want to deal with flipping the - sign while all of this is going on then that's out too).
Third, post that to the server in a hidden text field and on the server end you get to reverse all of this.
Fourth, decode this on the server.
Fifth: Do this all again in reverse if you need the checks to begin correctly setup.
Advantages of This:
- MUCH less data travels between client and server
- No need to modify php.ini or even .htaccess
- This is able to grow and shrink dynamically (no need to reconfigure anything if you add another 2000 checks)
- Some browsers have limits on the number of bytes\fields you can post so simply increasing the number of fields won't always help.
- IE has limits on the length of a URL so forget about GET with the other solution. MAYBE, you can do it with this.
Disadvantages:
- Much more difficult to implement (nearly everything will need to be done 2 times for client and server as well)
- Users may not have JS enabled
- JS needs a lot of help when it comes to bit shifting
- Uses more CPU time
--
If you want to take this up a notch then you'll want to work out a fix for the JS bit shift operator problem (this will nearly halve your data length): Converting javascript Integer to Byte array and back
This improved version will also require a 64bit PHP installation on the server (or a BigInt class which is WAY out of scope for this question).
Related
We are designing a system for conducting a survey in which it askes user a about 72 questions (Multiple Choice questions)
And when the user submits this will be posted to php page which will save the answer in a MySQL table.
Its works fine and perfectly well when we doing the test with a small number of user
But I observed the when a large amount of users are submitting not all data reaches the server only a part of some users answer (around 65 answer) only reaches the server.But i get data from my all users but some answers aren't compete.
Am using MySql engine : MyISAM
What would be the problem or how can i solve this. is it the problem with some php configuration or mysql (large number of insert statement)
What is the best way to handle larger amount data from a form submission php
Thanks in Advance
There is a limit on POST request size in PHP. You can adjust post_max_size in your php.ini. As for database, I don't know how you are saving them in the database, but there are character/storage limitation on the database as well.
Whenever I'm dealing with large POST data like sending numerous field values through forms, using ajax does wonders! Try using jQuery $.post(), which is the shorthand for $.ajax(). It's quite easy to use, even if you're not that familiar with jQuery :)
You need to Increase max_input_vars from php.ini OR you can set the following code in your .htaccess file.
php_value max_input_vars 3000
You should use the ajax function for post the data..
Go through bellow link,it might help you
https://www.w3schools.com/jquery/ajax_ajax.asp
I use php to manage html and now I have problem with input date in mysql.
All with my input in MySQL or update or delete in MySQL is ok but how I can make security for input data in mysql because if some one open to see my html source code with browser he can see my predefined inputs and he can change thats in html and after that enter wronk inputs in mysql.
This is my code:
Options Value: <select name="extend">
<option value="<?php $_end1;$newDate = date('Y-m-d', strtotime($_end. " + 1 month"));echo $newDate;?>">1 Month</option>
Now when if someone open browser and see my code he can replease 1 month with several month and that in MySQL.
How can I this secure and or hide that in HTML.
Thx
If you're wanting to have fields or input that can't be edited by the user, such as the current date that the form was submitted on or something along the lines of that, you need to do do all of that on the server side (not the client side). Any data that is submitted from the client side can (and you should treat it like it will) be changed.
Instead of having form fields with preset values, fields that are hidden, fields that are disabled, data that is rendered with JavaScript, or any other way you could think of storing data on the client side, do those things on the server side. You can use a PHP script to do this, seeing as you're already making use of PHP. When you submit the form it has to go to some sort of a server side script, do that logic there and submit that logic to a database.
filter all your received user input. This might be clear for free text inputs, but should be done as well for predefined values.
Easiest for extending might be to only accept a certain number. For example 1, 2 or 3.
$extend = filter_input(INPUT_POST, 'extend', FILTER_VALIDATE_INT); is the first step, but you should also check if $extend is not equal to an illegal number.
if(in_array($extend, range(1,3)){ }
input like numbers is a lot more simple to check than a range of dates.
But even when that would be needed: it is possible to make your own validation function.
It is not possible to limit the browser or the user to only send certain data in a form. Either they could use a tool in the browser to change the habits of a form element, or they could rebuild the form completely in their own htmlpage or other tool
There is very simple answer to your question - you can NOT secure html and you should not even try. Every browser is equipped with developer tools and even without browser anyone can send to your server whatever they want. This is how Internet works.
What you SHOULD do is to verify your input data on server side where user has no access. In your case you should have array of allowed inputs or function assessing if input from user is valid.
More, if you know what will be the algorithm eg. ($_end + 1month) than you do not need to get from user result but only value of $_end. You can calculate $newDate just before inserting data to database - this way user will have no way of changing it.
First of all, please be carefull with your writing, it is pretty hard to understand your problem.
Secondly, if you want to "hide" PHP code to the user, you could write your code in a different way :
You create a form in which users will be able to fill some informations, and for example a date, like in your example. If this date is an option, it can have some value, as the one you show.
Then when the user submit the file, you make a checking on the variables. If you want this form to show a price, to add some data to a database, or whatever, you do some checking to be sure that the values are correct. For example, if you want to calculate a price, you will check the date the user selected, and calculate the price from this date. With this method, even if user changed the code, they will not be able to change the checking (at least not easily).
And to conclude you show a page asking the user for confirmation. This way, he will check if the informations are correct, and you can ask to re-fill some fields if you detected some invalids values
That's hard to show some concrete code, since I don't really know what you want to do, but I hope this explanation was clear. Don't hesitate to ask some questions, I'll try to answer.
darling brother:
you have 3 method:
1: define a variables instead of 1 month
2: use encryption method for php enciding that provide encryption php cides to unformatted charachters (ionCube )
3: usin my sql encryption : MD5
What is the max lenght of a input text in php post request ?
I need to post in a form symfony a very large json object in one input text but when the input is too large the data is from the input in the symfony controler is null.
I found some answers : set max_input_vars, max_upload_file in php.ini for change the apache configuration but it's does not work.
For example i have a input with value length = 4837112
So i'm asking if anyone know how disable the limit of the input text or set a biggest value to the limit ?
And if it's php or apache or maybe symfony which poses this problems ?
I can't comment yet because I don't have the rep to do so but I'll explain a few things. Also, please post some of your code, it would be very helpful.
When you POST something through PHP, the limit can be set in php.ini (or equivalent) and the httpd service must be restarted to take effect. If it's still not taking effect, then you have to take a few things into consideration.
Am I editing the correct values?
Do I have a non-standard installation like two versions of apache installed?
Do I have an override set somewhere else like htaccess or a setting in your framework?
Is the data REALLY sending?
You'll need to have something like firebug to help you debug this (click on console). If you see the data POST, have it return to you for debug purposes. If it doesn't come back but it does post, it could be one of the above or there's something wrong in your code.
I have a PHP form which lists all the people who will share the cost of an item. Next to each person, there is a blank field which you type the percentage of ownership. Currently, I have no mechanism to prevent you from allocating more than or less than 100%. For example:
Joe - 40%
Jill - 40%
Jane - 40%
The above scenario is currently possible and will break the math. Before submitting the form, I would like to verify that the entered percentages total 100. It would be nice if I could do this in real time (before submitting) but upon submit is okay too.
These values get entered into a MySQL DB.
Thank you!
Here is a javascript demo I made for you:
http://jonathancross.com/projects/form-validation.html
Code is not 100% complete, but should get you most of the way there. Would suggest adding support for up and down arrows on keyboard and of course a submit button :-)
Note about validation:
You will also need to validate the values on the server-side (php) to be sure they work before storing in the database. Javascript is great for immediate feedback, but is easy to circumvent (if someone wanted to break your app). It is also possible that users might disable javascript or use a browser which does not support it so beware and always validate on the server side.
I am using a combination of ajax php and sql. I have a local copy of this program and a live sever run by a company, there is a button that posts a comment, on the local copy you can post a comment of any size, but on the live server I have narrowed it down to about 512 bytes once the comment gets larger than that, no error is generated but the comment isn't added, is there any configuration files concerning MySQL databases PHP or javascript that could limit the amount of data that can be parsed?
Ok there was a get max value paramater in php.ini (under the settings for shino or something like that that was on the live server) that was set to 512 I changed it so now the system can handle 10KB of text for comments
is the action of the form for posting comments GET or POST?
if it's POST: in the php.ini, there's a configuration called post_max_size (documentation), please take a look at that on your local- and production-server and compare the values.
if it's GET: some browsers limit the querystring to aroudn 2kb, so maybe you exceed this... you should use POST instead.
If it were me, I would probably use the "onSubmit" tag on the form an run a quick javascript validation on the input (a function called from onSubmit="return func(this)" will only transmit if func(this) returns true). Simply have it call a function, and if the value of the field has a string length and return a little alert window if there are more than 500 characters. That way you don't necessarily parse or transmit anything you don't have to.
You'll probably want to have a fallback so that someone with javascript disabled can't bypass those limits, but that should work for the majority of your users.