View Full Version : Is there anything to limit the submission of dangerously large amounts of POST data?

09-29-2009, 11:20 PM

Something tells me that I should already know the answer to this, but:

I'm used to validating the lengths of string variables (e.g. in PHP) before the contents are sent into character fields in a database, but I was wondering whether there was anything to stop an unscrupulous person from submitting a huge amount of post data so that it caused the overflow of a PHP variable (when the data was received by the web server).

I know that string variables / variants in most server-side scripting languages will store far more character data than can be sent via the HTTP GET method, but isn't it possible to send really large objects using the POST method?

I've no doubt I'm missing some fairly fundamental information here, but if anyone could provide me with an explanation then that would be very helpful.


09-30-2009, 06:37 AM
Actually i tested this and it seems that once the php memory limit is reached, the suspicious script just gets killed.

Not allowing post data is not really what php does i guess because a file is also sent through post requests. However, i think there is a limit on get requests.

10-01-2009, 01:10 AM
Thanks, hthought!

I kind of assumed that there'd be something to prevent problems, as I've never seen this issue raised anywhere else.

Looks as though PHP has some sort of inbuilt protection, and so I'm guessing that other modern Web languages do too.

Thanks again for your help! :D