Limit to number of $_POST variables?

[bulrush]

I have a single php page/form which could have upwards of 100 unique fields. In the first section of the form, I would have 5 fields per row, times 10 rows, that's 50 fields. In the next section I would have 3 fields per row, 10 rows, that's another 30 fields. Plus 2 more sections of 30 rows each, for an estimated 50+30+30+30 or 140 fields on one page.

 

What's the limit to the number of variables saved in the $_POST variable? I need to save each value in each of these fields to the database.

 

The problem I'm having is when I read these fields from the $_POST variable to save them to the db, the variables I assign the $_POST var to are blank.

 

p.s. Yes, I have to do it this way to duplicate a paper page on the screen. It is to make it easier for the customer to enter data and see everything at once.

 

[PFMaBiSmAd]

You either have a logic error that is clearing the $_POST array (edit: or a logic error that is attempting to access the $_POST variables at a point in time when they are not set) or your form's HTML is invalid  or you are exceeding the post_max_size setting or the Suhosin hardened php patch is installed on your server (though I think it just cuts off variables after x amount.)

 

What is your code that is producing the form and your form processing code?

What is an estimate of the total size of the form data v.s. what a phpinfo() statement shows for the the  post_max_size setting?

Does you server have the Suhosin hardened php patch?

 

Does this work for a smaller amount of data?

[bulrush]

I have printed out the phpinfo() page. It is 19 printed pages long.

PHP version: 5.2.6

MySQL version: 4.1.11

post_max_size=50M

 

We rent a server from another company. I cannot find any information about a Suhosin patch on the phpinfo() page. Would it be in a sub-section of the phpinfo() page? If so, where?

 

As far as data in the form boxes (text boxes, text areas, select boxes, etc), on this page, the data would total not more than 1000 characters. It's probably closer to 500 characters.

 

This seems to be a pretty generic server. It seems to support Mysql, and the image library, but not much else. (It is from Mediatemple.com.)

 

As far as my form code goes, this is a form where, when the user clicks the Submit button, it calls the same form, but simply calls a routine to save the data on the form. I have a problem during the save data portion where some my $_POST variables are not set. And it is for the variables representing fields further down the form.

 

You see, when the user submits the form, the first thing I do is save the data in the top part of the form (containing part info). I do a query, then save the info. Next I save the Features in the bottom part of the form. This is where the POST variables seem to disappear.

 

Do POST variables get cleared when I execute a mysqli_query()? Or when I do mysqli_num_rows()?

 

[kenrbnsn]

Can you post your code? Both for the form and the processing? That would help us in helping you.

 

Ken

[PFMaBiSmAd]

I was being a bit more literal when asking what your code for the form and the form processing was. We can assume what your code is attempting to do. However, what it is actually doing is not working and no one can help with what it is doing without seeing it.

 

If the form is valid HTML and it is submitting all the data you expect, nothing php does will overwrite the data (unless register_globals are on, which since they were turned off by default over 8 years ago should not be a factor) and it is highly likely that either the data is not being submitted by the form or your code is doing something to overwrite the missing data or is not using the correct variables where the data is at.

[bulrush]

Disclaimer: this is a rhetorical situation that may or may not have representation in the real world. Do not spindle, fold, or mutilate. Do not use in the shower. Do not use for 20 minutes after eating. Do not subject to extreme heat or extreme cold.

 

<?php session_start(); 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Product Edit Screen</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
require_once('navmenu.php');
require_once('connectvars.php');
require_once('constants.php');

// Connect to the database 
$dbc = mysqli_connect($host, $user, $password, $database);

$errcnt=0;
if (isset($_POST['submit'])) //Try to save items first.
    {
    //First get GID based on cbxGroupname.
    //$s=$_POST['cbxGroupname'];  
    //$arr=explode('#',$s);
    //$gname=$arr[0]; //Group name
    //$basemodel=$arr[1];
    
    //$query="SELECT grid, groupname FROM hgroup WHERE (groupname='".$gname."') AND ".
    //"(basemodel='".$basemodel."');"; 
    $grid=$_SESSION['grid'];
if (($grid==0) or (empty($grid)))
	{
	$s='<p class="error">ERROR: group id not found: '.$query.'</p>';
	echo $s;
	die();
	}

    //Loop through all n rows to save data. 
    //For each part, make sure it is not in table already.
    for ($z=1; $z<=MAXPARTROWS; $z++)
        {
        $descvar=trim($_POST['txtDesc'.$z]);
        //$modelvar=trim(mysql_real_escape_string($_POST['txtModel'.$z]));
        $modelvar=trim($_POST['txtModel'.$z]);
        $pricevar=trim($_POST['txtPrice'.$z]);
        if (!ereg('\.',$pricevar))
            {
            $pricevar.='.00';
            }
            
        $heightvar=trim($_POST['txtHeight'.$z]);
        $heightvar=str_replace('"','',$heightvar);
        $heightvar=str_replace('\\','',$heightvar);

        $depthvar=trim($_POST['txtDepth'.$z]);
        $depthvar=str_replace('"','',$depthvar);
        $depthvar=str_replace('\\','',$depthvar);
        
        $widthvar=trim($_POST['txtWidth'.$z]);
        $widthvar=str_replace('"','',$widthvar);
        $widthvar=str_replace('\\','',$widthvar);
        //echo '$descvar '.$descvar.' $modelvar '.$modelvar.'<br/>'; //DEBUG
        
        if (strlen($modelvar)==0)
            {
            //$msg='ERROR: Model '.$z.' is blank. Model not saved.';
            //echo '<p class="error">'.$msg.'</p>;
            }
        else {
            //First check that this part is not in hproduct table.
            $qry="SELECT * FROM hproduct WHERE pnumber='".$modelvar."'";
            //echo "<br>Check for dupe model: $qry<br/>";
            if ($result=mysqli_query($dbc,$qry))
                {
                $i=mysqli_num_rows($result);
                //echo "--Found $i rows for model $modelvar<br/>";
                if ($i>0)
                    {
                    //Found model. Cannot add it!
                    $msg='ERROR: Model '.$modelvar.' already exists. It was not saved.';
                    echo '<br class="error">'.$msg.'</br>';
                    //die();
                    }
                
                else {
                    //Now insert new part.
                    $query="INSERT INTO hproduct (grid, pnumber, description, ".
                    "price, height, depth, width, createuser, createdate) " .
                    "VALUES ($grid".
                    ", '".$modelvar."'" .
                    ", '".$descvar."'".
                    ", '".$pricevar."'".
                    ", '".$heightvar."'".
                    ", '".$depthvar."'".
                    ", '".$widthvar."'".
                    ", '".$_SESSION['username']."'".
                    ", NOW() ".
                    ");";
                    //echo "Save model: $query<br/>"; //DEBUG
                    if (!$result=mysqli_query($dbc,$query))
                        {
                        $msg=mysql_error(); //There was an error.
                        echo '<p class="error">ERROR: '.$msg.'<br/>'.$query.'</p>';
                        die();
                        }
                    else {
                        echo '<br><font color="blue">Saved model '.$modelvar.' '.$descvar.'</font></br>';
                        }
                    }
            	}
            } //else
        } //for z, saving parts

//Save features
echo '<br/>'; //DEBUG
    for ($z=1; $z<=MAXFEATROWS; $z++)
        {
        $featid=trim($_POST['txtFeatid'.$z]);
        $feattext=trim($_POST['txtFeat'.$z]);
        $featlevel=trim($_POST['cbxFeatindent'.$z]);
        echo '$z='.$z.', featid='.$_POST['txtFeatid'.$z].', feattext='.$feattext.'<br/>'; //DEBUG
        if ((strlen($featid)==0) or (empty($featid)))
        	{
            echo '<p class="error">ERROR: Feature featid is blank.</p>';
            die();
        	}
        if (strlen($feattext)>0)
        	{
            $query="INSERT INTO feature (grid, feattext, featlevel, ".
            " createuser, createdate) " .
            "VALUES ($grid".
            ", '".$feattext."'" .
            ", '".$featlevel."'".
            ", '".$_SESSION['username']."'".
            ", NOW() ".
            ");";
            //echo "Save Feature: $query<br/>"; //DEBUG
            if (!$result=mysqli_query($dbc,$query))
                {
                $msg=mysql_error(); //There was an error.
                echo '<p class="error">ERROR inserting Feature: '.$msg.'<br/>'.$query.'</p>';
                die();
                }
            else {
                //echo '<br><font color="blue">Saved new feature '.$feat.'</font></br>';
                }
            }
         else { //Update existing feature
            $query="UPDATE feature SET feattext='".$feattext."' ".
            "featlevel='".$featlevel."' " .
            "updateuser='".$_SESSION['username']."' ".
            "updatedate=NOW() ".
            "WHERE featid=".$featid.";";
            //echo "Save Feature: $query<br/>"; //DEBUG
            if (!$result=mysqli_query($dbc,$query))
                {
                $msg=mysql_error(); //There was an error.
                echo '<p class="error">ERROR updating Feature: '.$msg.'<br/>'.$query.'</p>';
                die();
                }
            else {
                //echo '<br><font color="blue">Updated feature '.$feat.'</font></br>';
                }
         	}
	} //for z, save Features
    echo '<br><font color="blue">Saved features. </font></br>';

    } //if isset($_POST['submit']
?>

<!-------------------------------------------------------->
<?php 
echo 'Session grid: '.$_SESSION['grid'];
echo ', $_POST[cbxGroupname]='.$_POST['cbxGroupname'];
?>
<h2>Proto3: Product Edit v.10c</h2>
<p>This screen is used to edit products.

<form action="<?php echo $_SERVER['PHP_SELF'].'?'.SID; ?>" method="post">

<hr/>
<?php
$gname=$_SESSION['groupname'];
echo '<label for="txtGroupname">Group name</label>';
echo '<INPUT TYPE="Text" NAME="txtGroup" disabled size="70" value="'.$gname.'" >';

echo '<label for="txtGrid">GID:</label>';
echo '<INPUT TYPE="Text" NAME="txtGrid" SIZE="10" disabled value="'.$_SESSION['grid'].'" >';
?>

<p><table>
<tr><td>Description <td>Height <td>Depth <td>Width <td>Model Number <td>Non-fabric<br/>Price <td>PID

<?php
//Select parts based on $grid. Then fill in text boxes.
$grid=trim($_SESSION['grid']);
    //Do query and loop here.
    //Show Parts plus some empty boxes after them.
    $query = "SELECT pid, grid, description, pnumber, price, height, depth, width ".
    "FROM hproduct ".
    "WHERE grid = '".$grid."' ".
    "ORDER BY pid ".
    ";";
    //echo "Query: $query<br/>";
    if (!$result=mysqli_query($dbc,$query))
        {
        $msg=mysql_error();
        echo '<p class="error">ERROR: '.$msg.'<br/>'.$query.'</p>';
        die();
        }
    $num=mysqli_num_rows($result);
    if ($num==0)
        {
        $msg="<p class=\"error\">ERROR: No parts found with grid=$grid. $query</p>";
        //die($msg);
        }
    $x=1; //Starting number of part.
    while ($row = mysqli_fetch_array($result)) 
        { 
        // Display the score data
        echo '<tr valign="top">';

        $s='<tr><td><input type="text" name="txtDesc'.$x.'" value="'.$row['description'].'" size="25" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtHeight'.$x.'" value="'.$row['height'].'" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtDepth'.$x.'" value="'.$row['depth'].'" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtWidth'.$x.'" value="'.$row['width'].'" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtModel'.$x.'" value="'.$row['pnumber'].'" size="20" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtPrice'.$x.'" value="'.$row['price'].'" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtPid'.$x.'" value="'.$row['pid'].'" disabled size="6"/>';
        echo "$s\n";
        $s='</tr>';
        echo "$s\n";

        echo "$s\n";
        echo '</tr>';
        $x++;
        } # while
$z=$x+10;
    for ($x=$x+1; $x<=$z; $x++) //Add some blank part rows after existing parts.
        {
        $s='<tr><td><input type="text" name="txtDesc'.$x.'" value="" size="25" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtHeight'.$x.'" value="" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtDepth'.$x.'" value="" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtWidth'.$x.'" value="" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtModel'.$x.'" value="" size="20" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtPrice'.$x.'" value="" size="6" />';
        echo "$s\n";
        $s='<td><input type="text" name="txtPid'.$x.'" value="" disabled size="6"/>';
        echo "$s\n";
        $s='</tr>';
        echo "$s\n";
        }
?>
</table>

<p><table>
<tr valign="bottom"><td>Indent<br/>level<td>Features <td>FeatID
<?php
    //Do query and loop here.
    //Show Features plus some empty boxes after them.
    $query = "SELECT featid, grid, featlevel, feattext ".
    "FROM feature ".
    "WHERE grid = '".$grid."' ".
    "ORDER BY featid ".
    ";";
    //echo "Query: $query<br/>";
    if (!$result=mysqli_query($dbc,$query))
        {
        $msg=mysql_error();
        echo '<p class="error">ERROR: '.$msg.'<br/>'.$query.'</p>';
        die();
        }
    $num=mysqli_num_rows($result);
    $z=1; //Starting number of feature.
    if ($num==0)
        {
        $msg="<p class=\"error\">ERROR: No features found. $query</p>";
        //die($msg);
        }
else {
    while ($row = mysqli_fetch_array($result)) 
        { 
        // Display the score data
        $indent=$row['featlevel'];
        echo '<tr valign="top">';
        //Do cbxFeatlevel
        $s='<td>';
  	$s.='<SELECT NAME="cbxFeatindent'.$z.'">';
  	  	$s.='<OPTION value="0" ';
  	  	if ($indent==0)
  	  		{
  	  	$s.=' selected';
  	  	}
  	  	$s.='>0</OPTION>';
  	  	$s.='<OPTION value="1" ';
  	  	if ($indent==1)
  	  		{
  	  	$s.=' selected';
  	  	}
  	  	$s.='>1</OPTION>';
  	$s.='</SELECT>';
        echo "$s\n";
  	$s='<td><textarea name="txtFeat"'.$z.' rows="3" cols="80" >'.
      	   $row['feattext'].'</textarea>';
        echo "$s\n";
        $s='<td><input type="text" name="txtFeatid'.$z.'" value="'.$row['featid'].'" size="6" disabled />';
        echo "$s\n";
        echo '</tr>';
        $z++;
        } // while
} // else

    for ($x=$z+1; $x<=($z+10); $x++) //Add some blank Feature rows. Continue numbering.
        {
        $s='<tr valign="top">';
  	echo "$s\n";
        $s='<td>';
  	$s.='<SELECT NAME="cbxFeatindent'.$x.'">';
  	  	$s.='<OPTION value="0" selected>0</OPTION>';
  	  	$s.='<OPTION value="1">1</OPTION>';
  	$s.='</SELECT>';
        echo "$s\n";
  	$s='<td><textarea name="txtFeat"'.$x.' rows=3 cols=80></textarea>';
        echo "$s\n";
        $s='<td><input type="text" name="txtFeatid'.$x.'" value="'.$row['featid'].'" size="6" disabled />';
        echo "$s</tr>\n";
        }
?>
</table>

<p>
<p>Commands: <input type="submit" name="submit" value="Save">
</form>

<?php
mysqli_close($dbc);
?>

</body>
</html>

 

Around line 117, the $featid and $feattext are blank, but the txtFeatid1 and txtFeat1 are filled in on the screen.

    for ($z=1; $z<=MAXFEATROWS; $z++)
        {
        $featid=trim($_POST['txtFeatid'.$z]);
        $feattext=trim($_POST['txtFeat'.$z]);
        $featlevel=trim($_POST['cbxFeatindent'.$z]);
        echo '$z='.$z.', featid='.$_POST['txtFeatid'.$z].', feattext='.$feattext.'<br/>'; //DEBUG. Problems here

 

[bulrush]

I still have questions I didn't see answered.

• Do POST variables get cleared when I execute a mysqli_query()?
  
• Or when I do mysqli_num_rows()?
  
• When do POST variables get cleared inside of a single PHP file, if ever?
  

[kenrbnsn]

Answers:

 

No

No

Only when you do so in your code.

 

Ken

[bulrush]

Thanks Ken. Now it must be a logic problem on my part, pretty feasible since I'm a newbie to PHP. But I just don't see the problem.

 

[kenrbnsn]

At the top of your script put

<?php
if (isset($_POST['submit'])) {
   echo '<pre>' . print_r($_POST,true) . '</pre>';
}
?>

This will dump what is being sent from your form before you do any processing.

 

Also, have you done a "show source" on the form to make sure it looks OK? Do you have a public link to it?

 

Ken

[bulrush]

Gah! Looking at my form source I see the quotes strike again. The text box name is:

name="txtFeat"1

 

I'll fix it and retry.

 

[bulrush]

I noticed that on my text boxes (including the txtFeatid1 where I'm having problems) I use the name="" attribute, but not the id="" attribute. In the "Headfirst PHP and Mysql" book I finished reading, they used both the name and id attributes, and they both had the same value.

 

Is omitting the id attribute a problem? Is that was it used to set the POST variable?

 

 

[PFMaBiSmAd]

The id only has meaning in the browser.

 

As far as php is concerned, only the name has significance.

[bulrush]

Ok. So my text box that I'm having problems with, called txtFeatid1, is disabled in the form. This is a key field and the user should not change it. Could that be why it is not sent to a POST variable?

 

[kenrbnsn]

Change it to a hidden field, i.e. type="hidden". The value will get sent to your script, but it won't show on the form.

 

Ken

[bulrush]

But I still want to see the field during debugging. I need to check the query I construct is actually updating the right record. Then when I release the app I can change it to a hidden field. So, is "disabled" the problem? I wasn't clear on that.

 

[PFMaBiSmAd]

Yes, disabled form fields are not submitted.

 

If you want to display the value, you should either just echo it somewhere or if you want it to appear in a disabled form field, you will need to duplicate it in a hidden field (or pass it as a get parameter on the end of the URL in the action="..." attribute.)

[bulrush]

I have verified that disabled input box fields are not saved to $_POST. Thanks everyone! Perhaps a "readonly" input box will be, but I don't have time to test that.