2

Error URLGET http://xxxx/getSoru.php?notin=66733,17234,65585,16126,1790,45282,2522504,36297,66733,17234,65585,16126,45282,25613,44739,43419,19521,49195,34736,59717,3701,11671,24810,12358,66733,17234,65585,16126,1790,45282,25613,27092,60758,21701,44739,54036,20215,63234,59201,43419,19521,49195,34736,59717,3701,11671,24810,12358,19600,67182,47380,43313,4421,44779,32417,39457,48284,19056,35821,11085,12306,22573,12131,19561,61720,3923,43192,28483,8768,26383,3758,54901,32784,1109,6860,36101,375,1547,16996,15377,37769,5248,8171,25155,49890,8658,22504,36297

No Error URLGET http://xxxx/getSoru.php?notin=66733,17234,65585,16126,1790,45282,2522504,36297,66733,17234,65585,16126,45282,25613,44739,43419,19521,49195,34736,59717,3701,11671,24810,12358,66733,17234,65585,16126,1790,45282,25613,27092,60758,21701,44739,54036,20215,63234,59201,43419,19521,49195,34736,59717,3701,11671,24810,12358,19600,67182,47380,43313,4421,44779,32417,39457,48284,19056,35821,11085,12306,22573,12131,19561,61720,3923,43192,28483,8768,26383,3758,54901,32784,1109,6860,36101,375,1547,16996,15377,37769,5248,8171,25155,49890,8658,22504

Remove 36297 number or any number in url no problem getSoru.php file

<?php
$notin = $_GET['notin'];
echo $notin;
?>

I'm not getting 414 Request-URI Too Long error

Why return empty ?

Ahmet Aytanozu
  • 111
  • 2
  • 9
  • 1
    That URL is invalid, those comma characters (`,`) need to be URL encoded as `%2C`. – arkascha Dec 29 '16 at 16:17
  • Apart from that it might be that 1. you have some redirection rules that (accidentally) strip the query arguments and/or 2. you might have the suhosin security extension configured such that it blocks get arguments that exceed a certain length and/or 3. it might be that what you posted is not an actual http get request but something looking similar. Keep in mind that we cannot look over your shoulder. You have to tell us what exactly you do. – arkascha Dec 29 '16 at 16:18
  • I tried URL encode as %2C, but the result is the same – Ahmet Aytanozu Dec 29 '16 at 16:21
  • OK, so the issue is another one. Still you need to encode, even if things _might_ work under some situations. A URL should be valid according to standards. – arkascha Dec 29 '16 at 16:23
  • Possible duplicate of [Max size of URL parameters in \_GET](http://stackoverflow.com/questions/7724270/max-size-of-url-parameters-in-get) – Phylogenesis Dec 29 '16 at 16:25
  • I'm not getting `414 Request-URI Too Long` error – Ahmet Aytanozu Dec 29 '16 at 16:37
  • Don't use `method="get"` if you need to send very large parameters. – Barmar Dec 29 '16 at 17:07

1 Answers1

2

If you urlencode() No Error URL string, you get the following:

66733%2C17234%2C65585%2C16126%2C1790%2C45282%2C2522504%2C36297%2C66733%2C17234%2C65585%2C16126%2C45282%2C25613%2C44739%2C43419%2C19521%2C49195%2C34736%2C59717%2C3701%2C11671%2C24810%2C12358%2C66733%2C17234%2C65585%2C16126%2C1790%2C45282%2C25613%2C27092%2C60758%2C21701%2C44739%2C54036%2C20215%2C63234%2C59201%2C43419%2C19521%2C49195%2C34736%2C59717%2C3701%2C11671%2C24810%2C12358%2C19600%2C67182%2C47380%2C43313%2C4421%2C44779%2C32417%2C39457%2C48284%2C19056%2C35821%2C11085%2C12306%2C22573%2C12131%2C19561%2C61720%2C3923%2C43192%2C28483%2C8768%2C26383%2C3758%2C54901%2C32784%2C1109%2C6860%2C36101%2C375%2C1547%2C16996%2C15377%2C37769%2C5248%2C8171%2C25155%2C49890%2C8658%2C22504

If you then pass this in a URL by using echo $_GET['notin'], it shows the correct value with a string count of 507:

66733,17234,65585,16126,1790,45282,2522504,36297,66733,17234,65585,16126,45282,25613,44739,43419,19521,49195,34736,59717,3701,11671,24810,12358,66733,17234,65585,16126,1790,45282,25613,27092,60758,21701,44739,54036,20215,63234,59201,43419,19521,49195,34736,59717,3701,11671,24810,12358,19600,67182,47380,43313,4421,44779,32417,39457,48284,19056,35821,11085,12306,22573,12131,19561,61720,3923,43192,28483,8768,26383,3758,54901,32784,1109,6860,36101,375,1547,16996,15377,37769,5248,8171,25155,49890,8658,22504

if you do the same for Error URL using the following below, you get a string count of 513 which means your are over the default character limit if the suhosin patch is installed.

66733%2C17234%2C65585%2C16126%2C1790%2C45282%2C2522504%2C36297%2C66733%2C17234%2C65585%2C16126%2C45282%2C25613%2C44739%2C43419%2C19521%2C49195%2C34736%2C59717%2C3701%2C11671%2C24810%2C12358%2C66733%2C17234%2C65585%2C16126%2C1790%2C45282%2C25613%2C27092%2C60758%2C21701%2C44739%2C54036%2C20215%2C63234%2C59201%2C43419%2C19521%2C49195%2C34736%2C59717%2C3701%2C11671%2C24810%2C12358%2C19600%2C67182%2C47380%2C43313%2C4421%2C44779%2C32417%2C39457%2C48284%2C19056%2C35821%2C11085%2C12306%2C22573%2C12131%2C19561%2C61720%2C3923%2C43192%2C28483%2C8768%2C26383%2C3758%2C54901%2C32784%2C1109%2C6860%2C36101%2C375%2C1547%2C16996%2C15377%2C37769%2C5248%2C8171%2C25155%2C49890%2C8658%2C22504%2C36297

I suspect you have the suhosin patch installed so you will need to extend this limit by changing the following in your PHP.ini:

suhosin.get.max_value_length = <limit>

See:

http://php.net/manual/en/reserved.variables.get.php

Kitson88
  • 2,889
  • 5
  • 22
  • 37