0

I have a simple page to print some data from database. I use php GET variable, (I know its deprecated, but it's work on local network).

It's working perfectly but if 'valami' length is bigger the 'valami' variable disappearing. When the length is 1061 it does not work

In the php.ini: 

max_input_vars=3000

Also the aid variable from the end of the Querystring does get seen by my code? So it does not appear to be a querystring length issue.

What is the problem?

PHP5

print_fizet.php?valami=28925|28926|28927|28928|28929|28930|28931|28932|28933|28934|28935|28936|28937|28938|28939|28940|28941|28942|28943|29055|29056|29057|29058|29059|29060|29061|29062|29073|29074|29075|29076|29077|29078|29079|29080|29092|29094|29095|29096|29097|29098|29099|29100|29101|29102|29103|29104|29105|29106|29107|29108|29109|29110|29111|29125|29142|29143|29144|29145|29146|29150|29151|29152|29168|29169|29170|29171|29172|29173|29174|29175|29176|29177|29178|29179|29180|29181|29182|29183|29184|29185|29186|29187|29188|29189|29190|29191|29192|29193|29194|29195|29196|29197|29198|29199|29200|29201|29202|29203|29204|29205|29206|29207|29208|29209|29210|29211|29212|29213|29230|29231|29232|29259|29260|29264|29265|29270|29281|29291|29292|29299|29300|29301|29303|29318|29339|29345|29346|29347|29348|29349|29350|29351|29352|29353|29360|29361|29367|29368|29369|29370|29371|29385|29386|29387|29388|29408|29409|29410|29411|29412|29413|29434|29435|29436|29490|29491|29508|29519|29523|29524|29525|29526|29527|29533|29534|29535|29545|29546|29547|29548|29549|29550|29551|29552|29554|29581&aid=23

UPDATE

When I do a 

var_dump($_GET);

The output is 

array(1) { 
    ["aid"]=> string(2) "23" 
}

All I get is the variable from the end of the querystring

When I make a shorter valami variable It works: 

array(2) { 
    ["valami"]=> string(509) "29197|...|29581" 
    ["aid"]=> string(2) "23" 
}
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Attila Balog
  • 3
  • 2
  • 1
    check this. https://stackoverflow.com/questions/7724270/max-size-of-url-parameters-in-get – ascsoftw Jul 22 '19 at 09:18
  • 1
    Could you please show us your php code? Otherwise we can only guess and that's not very helpful. – LLJ97 Jul 22 '19 at 09:18
  • The code only: var_dump($_GET); The output: array(1) { ["aid"]=> string(2) "23" } – Attila Balog Jul 22 '19 at 09:31
  • Can you show us a `var_dump($_GET)` when the query string is a lot shorter and appears to work please – RiggsFolly Jul 22 '19 at 09:38
  • What happens if you urlencode the pipe character? `|` => `%7C` – Exceptional NullPointer Jul 22 '19 at 09:50
  • When I make a shorter 'valami' variable Its work: array(2) { ["valami"]=> string(509) "29197|...|29581" ["aid"]=> string(2) "23" } – Attila Balog Jul 22 '19 at 09:54
  • Can you run a `$x = ini_set('max_input_vars', 4000);` and then echo `$x;` This is so you can test if the 'max_input_vars' param in `php.ini` is really set to `3000` as `$x will show you the old value i.e. the value that is really in `php.ini` – RiggsFolly Jul 22 '19 at 09:59

2 Answers2

0

You can update max_input_vars length from 1000 to 3000 and so on as you want. Try below code to increase input vars length.put this code on starting of the script.

ini_set('max_input_vars', 3000);

I hope this will helpfull for you.

Shivam Patidar
  • 11
  • 8
  • Hi Shivam! The variable now is 3000. The variable in end of url (aid) is work, so I think not the length of url is problem – Attila Balog Jul 22 '19 at 09:30
  • This is clearly not the relevant setting here. The default value for this one is 1,000, and since we are dealing with _two_ parameters here only, increasing this to 3,000 will of course achieve nothing at all. This setting is about the _number_ of accepted parameters, not their length. – misorude Jul 22 '19 at 11:02
0

It appears you're hitting a limit for maximum length of a GET variable - possibly 1024. This is most likely due to the PHP version you use. I've found this note on php.net that may be of use to you: https://www.php.net/manual/en/reserved.variables.get.php#101469

Andrew
  • 827
  • 2
  • 6
  • 14
  • I can't find an answer to that. By default, it's not something that you can change in the ini file. I can't find any clues either about which PHP version supports which length, but I'd imagine if you upgraded your PHP version, you'd get better results. Either way, using GET variables of this length probably counts as a bad practice because of limitations like this (or even browser-limitations in some edge-cases), so I'd rather advise changing to POST. – Andrew Jul 22 '19 at 09:58
  • 1
    OK Guys! The solution: suhosin.get.max_value_length change to 3000 (the dafault 512) and work perfectly. Thanks everybody for help – Attila Balog Jul 22 '19 at 11:01