new limit within php: 1000 fields per POST. Does someone know, if the number can be influenced?

In newer PHP-Versions the count of input-fileds per formula (POST) will be limited to 1000 (unverified information). It seams that this limit is already installed in certain builds of 5.2. This causes a lot of problems at our online shop.

Does someone know more about it and if this limit could be influenced by parameters or Vars. I just found max_input_vars, but it seems to be a complete new var of 5.4.RC4 And I'm not sure, if this var will be the one for the POST method.

max_input_vars

is an attempt for PHP to solve some security issues and when set, it limits your number of inputs (thus, fields in your forms). Also beware of

max_input_nesting_level

And yes - they are configurable. Just edit your php.ini or htaccess values.

I too have come across this issue, working on a localised installation of my code, and Debian Sid has upgraded to 5.4 RC4 PHP. A form of over 7000 lines with checkboxes (!) suddenly only processed 1001 of these in the $_POST data...head scratching for a few hours.

Made the change in /etc/php5/apache2/php.ini:

max_input_vars = 5000

save, and restart apache, and it's all good now.

If you cannot/ do not want to increase the server limit, here is another solution

<!-- 10000 checkboxes outside the FORM. You do not want to post this -->
<input class="cbox" type="checkbox" value="1"  id="id-1" checked name="id[]">
....
<input class="cbox" type="checkbox" value="10000"  id="id-10000" checked name="id[]">
<form method="POST" action="postpage.php">
    <input type="hidden" id="cboxes" name="cboxes" class="cboxes" value="" />
    <input type="submit" onclick="return clicked();">
</form>
 

then using jquery

<script>
function clicked() {
	var cb = $('.cbox:checked').map(function() {return this.value;}).get().join(',');
	$('#cboxes').val(cb);
	return true;
}
</script>

Using POST I tested posting 10000 records.

In the server

$cboxes = $_POST['cboxes'];
$cbox_exp =(explode(',', $cboxes));
print_r(count($cbox_exp)); //gives me 10000

Just wanted to summarize and point out a few things:

1. Limitations can be PHP as mentioned above.

2. Limitations can be web server also mentioned above.

3. Suhosin limitations only apply if it is installed. Settings are changed in php.ini

4. Beware of browser URL length limits if you attempt to submit that much data in the URL

Restart your web server after changing any server settings.

Apparently it looks like a patch on linux environment causing this issue. If your server has this patch 'suhosin', likely to be the issue. Also its not possible to override this in runtime rather include in your php.ini

suhosin.post.max_array_depth 

suhosin.post.max_array_index_length 

suhosin.post.max_name_length 

suhosin.post.max_totalname_length 

suhosin.post.max_vars 

suhosin.post.max_value_length 

It's always good to just stringify some of the data you're submitting – rather than change this limit within PHP. For example, if you're sending in stuff via Ajax, or via a form field, just stringify the field that's causing the problem.

The limit is on the 'number' of fields and not the 'length', if that makes sense.

These changes tend to be well documented. Are you sure that it's been backported to 5.2? Where did you read so? It seems more likely that you are hitting some other limit such as post_max_size or Apache's LimitRequestFields, or even a PHP security mod like Suhosin.

(Furthermore, PHP 5.2 is no longer supported, so I doubt it'd receive such upgrade.)

If you are using Dreamhost like me you can create a phprc file inside /home/<<siteuser>>/.php/<<X.Y>> (siteuser = the user your site runs under, and X.Y = php version eg 7.2)

Inside the phprc I added max_input_vars = 2000

You must then kill all the PHP processes to take effect using killall -9 php72.cgiif you were on PHP version 7.2

More info here https://help.dreamhost.com/hc/en-us/articles/214200668-How-do-I-create-a-phprc-file-via-SSH-

If you do not use multiple or more than 1000 input fields you can be concatenating multiple inputs with any special character, for example @

<input type='text' name='hs1' id='hs1'>
<input type='text' name='hs2' id='hs2'>
<input type='text' name='hs3' id='hs3'>
<input type='text' name='hs4' id='hs4'>
<input type='text' name='hs5' id='hs5'>

<input type='hidden' name='hd' id='hd'>

using any script (JavaScript or JScript)

document.getElementById("hd").value =     document.getElementById("hs1").value+"@"+document.getElementById("hs2").value+"@"+document.getElementById("hs3").value+"@"+document.getElementById("hs4").value+"@"+document.getElementById("hs5").value

with this concept you will be bypass the max_input_vars issue. If you increase the max_input_vars in php.ini file that is harmful to server. Because they use more server cache memory and sometimes they will crash the server.