I check most of the data that enters via a form to make sure it is not longer than anticipated, say, more than a 1000 characters like this
if (strlen($variable) > 1000)
echo "entry is too big";
But I am wondering if there is any danger that PHP might be overloaded (or some other security risk might be present) because of someone submitting excessively long form entries (in the megabyte range). Even if I check for long submits, PHP must still parse the entry, meaning it will bog down the interpreter. (Perhaps there is a way for PHP to just ignore values over a certain size?)
[Sorry, I posted this in the wrong section. I can't seem to find a way to delete my post or move it to web security.]
We have 30 mins grace after a post to edit or delete it. We can't move it afaik. You can flag your post and ask a mod to move it for you.
To delete a post, click the edit post button. Then click the 'Go Advanced' edit button. Above the advanced editor box there is a check box and delete button to delete that post. But bear in mind, posts are not actually deleted afaik. They are only hidden from display and so if you did something naughty in a post :lol:, the mods can still see it
To answer your original question - if you send your form data as a GET, I think the max number of total characters in the query string is something like 1-2k chars. But don't hold me to that. Google should be able to give the exact number.
If you send the form data as a POST then php should pretty well handle whatever you throw at it in "normal" situations and your main issues might be not enough access to the server's RAM and other resources in situations where you want to calculate and map the trajectory of a rocket to Alpha Centauri :).
1000 chars in a string is normally no problem at all for php.