Warning: Input variables exceeded 1000

Question

I\'m building a RESTS like service in PHP that should accept a large JSON post as main data (I send and read the data much like discussed here: http://forums.laravel.io/view

Answer 1

I can accept that PHP has such a limit in place; it does make sense. What I cannot accept (and is one of the many reasons that make it very difficult for me to take PHP seriously as a programming language) is that processing then just continues with the truncated data, potentially overwriting good data with incomplete data. Yes, the data should be validated additionally before persisting it. But this behavior is just begging for troubles.

That said, I implemented the following to prevent this from happening again:

$limit = (int)ini_get('max_input_vars');
if (count($_GET) >= $limit) {
    throw new Exception('$_GET is likely to be truncated by max_input_vars (' . $limit . '), refusing to continue');
}
if (count($_POST) >= $limit) {
    throw new Exception('$_POST is likely to be truncated by max_input_vars (' . $limit . '), refusing to continue');
}
if (count($_COOKIE) >= $limit) {
    throw new Exception('$_COOKIE is likely to be truncated by max_input_vars (' . $limit . '), refusing to continue');
}

Note that truncation doesn't necessarily happen at the limit. My limit was set to the default 1000, but $_POST still ended up having 1001 elements.