PHP 警告:未知:输入变量超过 1000

2022-01-13 00:00:00 centos php

当我的页面上的表单向我的服务器发送 POST 数据时,我收到一个新的 php 警告.警告如下:

I am getting a new php warning when a POST data from a form on my page to my server. The warning is as follows:

PHP 警告:未知:输入变量超过 1000.增加限制更改 php.ini 中的 max_input_vars.在第 0 行的未知中,引用者:https://mywebsite.com/index.php

PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: https://mywebsite.com/index.php

问题是我的表单没有近 1000 个输入变量,所以我很困惑为什么会出现这种情况.附带说明一下,直到最近我才遇到这个问题,我怀疑当我运行 yum update 时发生了一些更改/安装了导致此问题的原因.任何建议或答案表示赞赏.

The thing is that my form does not have near 1000 input variables, so I am baffled as to why this is appearing. As a side note, I have not had this problem until recently and I suspect that when I ran yum update something changed/was installed that is causing this. Any advice or answers are appreciated.

编辑 1:所以我做了 var_dump($_REQUEST) 并得到了大约 1000 个单个字符串.数组中的前几个项目是它们应该是的,但随后一堆我不需要提交的东西被分解成单个字符串.欢迎提出想法.

EDIT 1: So I did var_dump($_REQUEST) and got ~1000 single character strings. The first couple items in the array are what they should be, but then a bunch of stuff that I don't need submitted is broken down into single character strings. Thoughts welcome.

array(1001) { 
    ["action"]=> string(10) "step1_show" 
    ["submit"]=> string(6) "Step 1" 
    [0]=> string(1) "a" 
    [1]=> string(1) "c" 
    [2]=> string(1) "t" 
    [3]=> string(1) "i" 
    [4]=> string(1) "o" 
    [5]=> string(1) "n" 
    [6]=> string(1) "=" 
    [7]=> string(1) "l" 
    [8]=> string(1) "o" 
    [9]=> string(1) "g" 
    [10]=> string(1) "o" 
    [11]=> string(1) "u" 
    [12]=> string(1) "t" 
    [13]=> string(1) "&" 
    [14]=> string(1) "p" 
    [15]=> string(1) "r" 
    [16]=> string(1) "o" 
    [17]=> string(1) "p" 
    [18]=> string(1) "e" 
    [19]=> string(1) "r" 
    [20]=> string(1) "t" 
    [21]=> string(1) "y" 
    [22]=> string(1) "=" 
    [23]=> string(1) "3" 
    [24]=> string(1) "7" 
    [25]=> .....     

回答:它最终成为我的提交处理程序的问题.谢谢大家的意见.

ANSWER: It ended up being a problem with my submit handler. Thanks all for your input.

推荐答案

这是 PHP 中的一个新设置/值(与安全更新有关,以防止对 PHP 脚本的攻击),所以你在更新后得到这个(在 PHP 5.3 之前).9 未设置/可用,suhosin 用户自古以来就有类似的事情).

That's a new setting / value in PHP (related to a security update to prevent attacks to PHP scripts), so you get this after the update (before PHP 5.3.9 not set/available, suhosin users have a similar thing since ages).

输入值有不同的种类,数组成员也很重要.因此,仅计算表单字段还不够,还要查看 URL 和其他与输入相关的地方($_GET$_POST$_SERVER$_ENV$_FILES$_COOKIE ...).

Input values are of different kinds and array members count as well. So it's not enough to count form fields but also to take a look into the URL and other places related to input ($_GET, $_POST, $_SERVER, $_ENV, $_FILES, $_COOKIE ...).

参见max_input_vars:

可以接受多少个输入变量.使用该指令可以降低使用哈希冲突的拒绝服务攻击的可能性.如果输入变量多于该指令指定的数量,则会发出 E_WARNING,并从请求中截断更多输入变量.此限制仅适用于多维输入数组的每个嵌套级别.

How many input variables may be accepted. Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an E_WARNING is issued, and further input variables are truncated from the request. This limit applies only to each nesting level of a multi-dimensional input array.

相关文章