A summary of the 'limitations' often touched on in php.ini
max_execution_time
PHP maximum execution time, the default value in php.ini is 30, that is, after the page is executed for 30 seconds, the server will directly forcibly terminate the execution of the page.
For general pages, 30s is enough, but for some pages that require direct use of PHP execution for large amounts of data analysis, you need to adjust the value of max_execution_time based on the efficiency of page execution, and of course improve your algorithm as much as possible to get the best results. Optimal page execution efficiency.
max_input_vars
The maximum number of submitted forms (controls) in php. The default value in php.ini is 1000, that is, the number of controls (inputs) contained in a form form post data cannot exceed 1000.
1000 inputs are not enough? Can people fill it in? You may have such questions, but I did encounter such a problem during the actual programming process: upload an excel table document, use the PHPExcel class library to parse it, and then output it to a page for the user to confirm. After confirmation, press " "Submit data" is inserted into the database. Each unit of data is stored in form-input (hidden). The number of inputs is 200 (rows) * 8 (columns) = 1600, which exceeds the default number. As a result, the first one is inserted into the database each time. 125 pieces of data.
When I first encountered this problem, I directly output the value of $_POST on the page and found that there were only 125 records. It was determined that it was a problem with the post transmission. I found a few similar problem information on the Internet, which basically focused on PHP's post size limit. However, in php.ini I found that the default value of post_max_size is 32M, and the amount of data in a post form will not exceed 32M anyway. I don’t think the problem is the post size limit. I later realized that it might be a restriction on the control, and finally found that max_input_vars was a restriction on the post control. However, I can't find the relevant information about max_input_vars in the php.ini of wamp installed on my local machine, so I can only add it myself.
<code><span>; Maximum input variable nesting level</span><span>; http://php.net/max-input-nesting-level</span><span>;max_input_nesting_level = 64</span><span>max_input_vars = <span><span>5000</span>; //默认<span>1000</span></span></span><span>; Maximum amount of memory a script may consume (128MB)</span><span>; http://php.net/memory-limit</span><span>memory_limit = <span><span>128</span>M</span></span></code>
upload_max_filesize and post_max_size
One is the maximum limit for uploading files, and the other is the maximum limit for posts.
When you need to use php post to upload large files, remember to change them (maximum file value max_input_time
This variable limits the time in seconds for receiving data through post and get methods. The default value is 60, which is 60s.
If your application is running on a slow link, you can increase this value to accommodate the additional time required to receive data.
The above has introduced a summary of the "restrictions" that are often touched in php.ini, including aspects of the content. I hope it will be helpful to friends who are interested in PHP tutorials.
How can you prevent session fixation attacks?Apr 28, 2025 am 12:25 AMEffective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.
How do you implement sessionless authentication?Apr 28, 2025 am 12:24 AMImplementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.
What are some common security risks associated with PHP sessions?Apr 28, 2025 am 12:24 AMThe security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.
How do you destroy a PHP session?Apr 28, 2025 am 12:16 AMTo destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.
How can you change the default session save path in PHP?Apr 28, 2025 am 12:12 AMHow to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(
How do you modify data stored in a PHP session?Apr 27, 2025 am 12:23 AMTomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe
Give an example of storing an array in a PHP session.Apr 27, 2025 am 12:20 AMArrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.
How does garbage collection work for PHP sessions?Apr 27, 2025 am 12:19 AMPHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Linux new version
SublimeText3 Linux latest version
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
