Something tells me that I should already know the answer to this, but:
I'm used to validating the lengths of string variables (e.g. in PHP) before the contents are sent into character fields in a database, but I was wondering whether there was anything to stop an unscrupulous person from submitting a huge amount of POST data so that it caused the overflow of a PHP variable (when the data was received by the web server).
I know that string variables / variants in most server-side scripting languages will store far more character data than can be sent via the HTTP GET method, but isn't it possible to send really large objects using the POST method?
I've no doubt I'm missing some fairly fundamental information here, but if anyone could provide me with an explanation then that would be very helpful.