0

This is my current code i am using to saveguard user post through form

$data_=$_POST['main_data'];
  $size=strlen($data_);
  $size=$size/1000;

  if( $size>500){
//i.e if greater than 500kb
 echo '__DATA_TOO_LARGE__';
 exit;
}

If main_data is a correct data which is less than 500kb (i did with 400kb), the speed at which it uploads is super fast, but i noticed that if i paste a very large texts in the form, it takes longer before it shows error text.

I thought this line:

if( $size>500){
//i.e if greater than 500kb
echo '__DATA_TOO_LARGE__';
exit;
}

should stop uploading immediately it hits 500kb marks but it seems i'm wrong and am forced to ask.

  1. Will php accepts the whole post data before it reaches my post limit condition?

  2. What if a user tries to post too large texts in the form deliberately or not, will it affect my website bandwidth usage.

  3. If it will, any work around such scenario to prevent the too large data?

Even though i can limit the text length with javascript but user can disable javascript.

The concise
  • 444
  • 4
  • 12
  • 1. Yes 2. Yes 3. Nothing that would not cause other issues – RiggsFolly Aug 26 '20 at 11:00
  • The post data is already present once the request hits the backend, you might want to validate that first in the frontend then additionally you can do that in the backend – TZiebura Aug 26 '20 at 11:01
  • You can use HTML and limit the input size (maxlength="") – Dieter Kräutl Aug 26 '20 at 11:02
  • 1
    You can limit the amount of POST data PHP will accept via the configuration, https://www.php.net/manual/en/ini.core.php#ini.post-max-size But then you have little control over what happens when the user tries to send more data - your own script won’t be triggered then, so the user will only get to see one of the default error documents (I think it would be either a 500 or 400, not sure right now.) – CBroe Aug 26 '20 at 11:03
  • @Dieter it's just texts – The concise Aug 26 '20 at 11:06
  • 1
    @DieterKräutl, you shouldn't ever enforce limits client side, as they can be easily circumvented if the request was done outside of a browser. – Ro Achterberg Aug 26 '20 at 11:08
  • I believe reading the CORS topic will be helpful for you. – Amin Shojaei Aug 26 '20 at 11:10
  • You have to decide why and where it's important to enforce your limit. Is it purely because of a better UX, purely because of server load and resource consumption, a mixture of both, or ...? This will help you decide on a strategy. – Ro Achterberg Aug 26 '20 at 11:14

1 Answers1

4

1. Will php accepts the whole post data before it reaches my post limit condition?

Yes

2. What if a user tries to post too large texts in the form deliberately or not, will it affect my website bandwidth usage.

Yes

3. If it will, any work around such scenario to prevent the too large data?

This is in php.ini settings. See the link.

Anton
  • 2,669
  • 1
  • 7
  • 15