Warning: Input variables exceeded 1000
I found out that the right way to handle json data directly in PHP (via file_get_contents('php://input')
) is to make sure the request sets the right content-type i.e. Content-type: application/json
in the HTTP request header.
In my case I'm requesting pages from php using curl with to this code:
function curl_post($url, array $post = NULL, array $options = array()) {
$defaults = array(
CURLOPT_POST => 1,
CURLOPT_HEADER => 0,
CURLOPT_URL => $url,
CURLOPT_FRESH_CONNECT => 1,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FORBID_REUSE => 1,
CURLOPT_TIMEOUT => 600
);
if(!is_null($post))
$defaults['CURLOPT_POSTFIELDS'] = http_build_query($post);
$ch = curl_init();
curl_setopt_array($ch, ($options + $defaults));
if(($result = curl_exec($ch)) === false) {
throw new Exception(curl_error($ch) . "\n $url");
}
if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200) {
throw new Exception("Curl error: ".
curl_getinfo($ch, CURLINFO_HTTP_CODE) ."\n".$result . "\n");
}
curl_close($ch);
return $result;
}
$curl_result = curl_post(URL, NULL,
array(CURLOPT_HTTPHEADER => array('Content-Type: application/json'),
CURLOPT_POSTFIELDS => json_encode($out))
);
Do note the CURLOPT_HTTPHEADER => array('Content-Type: application/json')
part.On the receiving side I'm using the following code:
$rawData = file_get_contents('php://input');
$postedJson = json_decode($rawData,true);
if(json_last_error() != JSON_ERROR_NONE) {
error_log('Last JSON error: '. json_last_error().
json_last_error_msg() . PHP_EOL. PHP_EOL,0);
}
Do not change the max_input_vars
variable. Since changing the request to set right headers my issue with max_input_vars
went away. Apparently does not PHP evaluate the post variables with certain Content-type
is set. PHP Warning: Unknown: Input variables exceeded 1000
That's a new setting / value in PHP (related to a security update to prevent attacks to PHP scripts), so you get this after the update (before PHP 5.3.9 not set/available, suhosin users have a similar thing since ages).
Input values are of different kinds and array members count as well. So it's not enough to count form fields but also to take a look into the URL and other places related to input ($_GET
, $_POST
, $_SERVER
, $_ENV
, $_FILES
, $_COOKIE
...).
See max_input_vars
:
How many input variables may be accepted. Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an
E_WARNING
is issued, and further input variables are truncated from the request. This limit applies only to each nesting level of a multi-dimensional input array.
How to change max_input_vars
ASH's suggested
ini_set('max_input_vars','2000' );
but this never work with ini_set.You need to set it with php.ini or .htaccess file only.
php: max_input_vars exceeded 1000
This does not have anything to do with DB record count, rather with what is the data size that you are sending to server.
Following is what manual says:
How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately). Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an E_WARNING is issued, and further input variables are truncated from the request.
If you do not want to update php.ini you can try using .htaccess:
php_value max_input_vars 10000
PHP Warning: Unknown: Input variables exceeded 1000
On some distributions there are multiple php.ini files - one for cli, one for cgi and one for apache (or sapi).
If you use mod_php you might need to change /etc/php5/apache2/php.ini (this path is valid for Debian) and afterwards you must restart the webserver.
In order to find out which php.ini was used, you can create a small php script containing <?php phpinfo(); ?>
and execute it (using the webserver). There you will see which php.ini was used.
How should I track down PHP Warning: Input variables exceeded 1000
If it only happens occassionally and potentially also affects end users it's actually rather safe to just raise the limit - it's a limitation imposed for practical reasons to circumvent possible attacks.
Practically, to debug this I'd dive into edge cases. In a real world scenario I'd indeed expect this error to only occur when something is nested indefinitely. I'd insert a small detection script somewhere in code that's always included, for example:
function detectLargeInputs($name, $array)
{
if(count($array) > 500)
mail('mymail@domain.tld', 'Large input in '.$name,
print_r($array, true).print_r($_SERVER, true));
}
detectLargeInputs('GET', $_GET);
detectLargeInputs('POST', $_POST);
detectLargeInputs('COOKIE', $_COOKIE);
This should show the problem within a day, including the $_SERVER
info that also has fields like REQUEST_URI
and HTTP_REFERER
which should help you pinpoint the issue exactly. PHP E_WARNING Input variables exceeded not displayed
http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-startup-errors
in your php.ini / htaccess
display_startup_errors = On
or you may need more...error_reporting = -1
display_errors = On
display_startup_errors = On
sadly you can't do nothing more than print or not to print it
Related Topics
A Better Way to Replace Emoticons in PHP
MySQL Insert ....On Duplicate Update - Adds One to the Autoincrement
Iconv_Strlen Function Causing Execution Timeout, Running on Mamp
How to Use PHPize After Update to MACos Mojave
What Sort Algorithm Does PHP Use
How to Skip Elements in Foreach Loop
How to JSON_Encode Array with French Accents
Why a Full Stop, "." and Not a Plus Symbol, "+", for String Concatenation in PHP
Check Image Dimensions (Height and Width) Before Uploading Image Using PHP
PHP to Easyphp MySQL Server 1 Second Connection Delay
How to Increase by 1 All Keys in an Array
Setting Default Values (Conditional Assignment)
Jquery:: Ajax Powered Progress Bar
Shortcodes Inside a Shortcode - Wordpress
Upload File Using Guzzle 6 to API Endpoint
Symfony: Form Issue Using Return Type Hinting in Doctrine Entity Methods