44

I am accessing a PHP server using REST: all data is passed in a GET request as URL parameters. One of the parameters arrives at the server in the query_string, but it is not in the _GET global. But shortening the parameter (the cutoff seems to be around 512 characters) lets it through.

Assuming I have diagnosed the problem correctly, is there a way to change this maximum size? I have not found any explanation in the documentation, not even a mention of this limit. This is on Debian squeeze / Apache 2.2.16 / PHP 5.3.3.

alexfernandez
  • 1,938
  • 3
  • 19
  • 30

2 Answers2

73

Ok, it seems that some versions of PHP have a limitation of length of GET params:

Please note that PHP setups with the suhosin patch installed will have a default limit of 512 characters for get parameters. Although bad practice, most browsers (including IE) supports URLs up to around 2000 characters, while Apache has a default of 8000.

To add support for long parameters with suhosin, add suhosin.get.max_value_length = <limit> in php.ini

Source: http://www.php.net/manual/en/reserved.variables.get.php#101469

Karolis
  • 9,396
  • 29
  • 38
  • 1
    I could hug you. The 800+ char ``crypt`` query param being returned from Sage Pay using Form integration simply wan't received by our checkout_process handler, leading it to present the rather unhelpful message "The card could not be authorised!". FYI I found adding ``php_value suhosin.get.max_value_length 2000`` to .htaccess did not work, I had to add ``suhosin.get.max_value_length=2000`` to the ``[suhosin]`` section of php.ini (and restart httpd) to make the change take effect. Suddenly my long crypt query param is received, processed, and card payments work again. – Neek Aug 30 '15 at 07:32
0

See What is the maximum length of a URL in different browsers?

The length of the url can't be changed in PHP. The linked question is about the URL size limit, you will find what you want.

Community
  • 1
  • 1
Jaffa
  • 12,442
  • 4
  • 49
  • 101
  • 1
    The URL is fine, and the query string has everything. It is just this one parameter (longer than 512 characters) which doesn't show up in _GET. – alexfernandez Oct 11 '11 at 10:04
  • @alexinblue Perhaps the value of this variable has some special symbols. Do you use `urlencode()` for the value? – Karolis Oct 11 '11 at 10:09
  • @Geoffroy as stated, I am using REST: a GET request is quite convenient and I am not willing to change it. The linked article speaks about a practical limit of about 2000 - 4000 characters in IE8; older browsers are not a problem. – alexfernandez Oct 11 '11 at 10:17
  • @alexinblue Perhaps you are right. I did my own test, and I got that the max length of one GET param value is 512 bytes. – Karolis Oct 11 '11 at 10:20
  • @alexinblue By the way, it clearly will not solve this particular problem, but I just wanted to say that you are wrong saying that _PHP is converting everything behind the scenes_. You should always use `urlencode` for GET param values. – Karolis Oct 11 '11 at 10:30
  • @Karolis the client is sending everything urlencode()d. PHP is getting the correct value in $_SERVER['QUERY_STRING'] but not in $_GET. – alexfernandez Oct 11 '11 at 10:58
  • @alexinblue Rest don't impose to use GET for everything. Use GET to GET a page. To send data, POST it. – Jaffa Oct 11 '11 at 12:58