This occurred on Windows 2000 server running IIS 5.0 and PHP 4.3.8. The problem did not occur when handled by Apache, even on another Windows server. Note: I realize passing this much data is best accomplished using the POST method, which would avoid this problem all together. I'm merely detailing a problem that I came across. I have created a page that includes the (very long) query string that was used and some of the results that I saw while testing. It can be viewed at http://www.csb7.com/test/php_iis_qs_limit/. I didn't want to include it here as it would stretch the page out significantly. ~Chris Bloom mfyahya at gmail dot com 07-Jun-2005 09:33 If you use Apache's redirection features for custom error pages or whatever, the following Apache's REDIRECT variables are also available in $_SERVER: $_SERVER['REDIRECT_UNIQUE_ID]' $_SERVER['REDIRECT_SCRIPT_URL]' $_SERVER['REDIRECT_SCRIPT_URI]' $_SERVER['REDIRECT_SITE_ROOT]' $_SERVER['REDIRECT_SITE_HTMLROOT]' $_SERVER['REDIRECT_SITE_CGIROOT]' $_SERVER['REDIRECT_STATUS]' $_SERVER['REDIRECT_QUERY_STRING]' $_SERVER['REDIRECT_URL]' I'm not sure if this is a complete list though mp at wds-tech dot de 02-Jun-2005 03:12 Also aviable is the $_SERVER['SERVER_ADDR'] which returns the current IP of the server the script is running on. webKami (et) AKDomains.com 24-May-2005 02:47 PHP Secure Class to prevent XSS Attacks Although this is not bullet proof but it would give you an idea on how to filter incoming data. Copyleft : LGPL Idea by: phpsec GROUP @ PHP|arch Coded By: webKami For those who are new to PHP and just heard of XSS attacks, this is the basic rule. "NEVER EVER TRUST EXTERNAL DATA" For this purpose I have coded a class that can be used to filter all external data, from POST, GET, COOKIE and even your own arrays. An example is that if you need only integers from a certain parameter just request for integer e.g. getVarInt("id") You can even tell it to give you a default value if param is not set, so that your page would not FAIL in case of a NULL value e.g. getVarInt("id",1) You can also fetch data from a param array, like a set of colors e.g. getVarInt("colors",0,0) e.g. getVarInt("colors",0,1) Get these variables in a loop limited by the count of that array's elements e.g. getVarCount("colors") The complete code of class and its usage can be found here http://www.webkami.com/programming/php/php-secure-class-to-avoid-xss |