堆栈内存溢出
  简体   繁体   English

php.ini中的Max Input Vars在性能和安全性之间

[英]Max Input Vars in php.ini between performance and security

 原文  2014-04-21 14:28:22       php/ performance/ security/ phpbb3

问题描述

I had got a problem with submitting forms in my PHPbb3 forum, especially, those in administrations panel with large input fields, it is big forum indeed. 我在PHPbb3论坛中提交表单时遇到了问题,尤其是那些在大型输入字段的管理面板中,这确实是一个很大的论坛。 However, in the php log I noticed an warning: 但是,在php日志中我发现了一个警告: 

[21-Apr-2014 07:36:37 Europe/Belgrade] PHP Warning:  Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0

I increased the value to 2500 but the warning is still. 我将值增加到2500,但警告仍然是。 However, after setting it to 10000 it gone away and the form submitted correctly. 但是,在将其设置为10000后,它就消失了并且表单正确提交。

My question is: Does it has any problems with security or/and the performance of my server to be 10000? 我的问题是:它的安全性和/或我的服务器的性能是否有任何问题?

1 个解决方案

解决方案1
 2 已采纳  2014-04-21 14:34:14

Well certainly there are drawbacks of using thousands of variables in a form post. 当然,在表单帖子中使用数千个变量也有缺点。 Performance will drop on both sides, server and client. 服务器和客户端的性能都将下降。 All values are encoded, copied and decoded several times, so this eats up performance and memory. 所有值都经过多次编码,复制和解码,因此会降低性能和内存。 And what for? 那是为了什么?

But I'd say that this is not really the point. 但我要说这不是重点。 The thing you should give some thought is this: why the heck does that stuff required thousands of variables in a post? 你应该考虑的事情是这样的:为什么这些东西在帖子中需要数千个变量? That sounds insane . 这听起来很疯狂 I suggest you should rethink the architecture behind that. 我建议你重新考虑背后的架构。 There should be a much easier and more robust solution. 应该有一个更容易和更强大的解决方案。 A typical approach would be to encode all those variables in a single one, typically some JSON data block. 一种典型的方法是将所有这些变量编码为单个变量,通常是一些JSON数据块。

So far I have seen only one example of an architecture where someone tried to implement a csv file editor as a single html/http based form, posting all fields as separate variables . 到目前为止,我只看到一个架构示例,其中有人试图将csv文件编辑器实现为单个基于html / http的表单,将所有字段作为单独的变量发布 Believe me, there are better approaches for this. 相信我,有更好的方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 即使在 php.ini 中注释,也会设置 max_input_vars - max_input_vars set even if commented in php.ini php.ini max_input_vars被覆盖,不知道是什么 - php.ini max_input_vars overwritten, no idea by what 更改后 php.ini 中的 max_input_vars 未更新 - max_input_vars in php.ini not updating after change 使用ini_set设置max_input_vars PHP.ini指令 - setting max_input_vars PHP.ini directive using ini_set 如何永久增加 max_input_vars? php.ini 方法会定期被覆盖 - How can I permanently increase max_input_vars? The php.ini approach periodically gets overridden 将 max_input_vars 3000 添加到我的 .htaccess 文件和 php.ini 不起作用 - Adding max_input_vars 3000 to my .htaccess file and php.ini not working 如何在不访问php.ini文件的情况下更改godaddy服务器中的max_input_vars? - How to change max_input_vars in godaddy server without accessing php.ini file? php.ini中的max_input_vars实际上有什么影响,什么是安全的高值? - What does max_input_vars in php.ini actually affect and what is a safe high value? 在 XAMPP 中增加 php.ini 中的 max_input_var - Increasing max_input_var in php.ini in XAMPP 最长执行时间php.ini - Max execution time php.ini
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM