When iframe's URL is too long (more than 2083 bytes), using self submitting form?

winterheat · September 20, 2008, 2:31pm

In some situation where we does an <iframe src=“…”> </iframe>, the URL can be longer than 2083 bytes long and it seems it will choke IE 6 and 7. Even though Apache 2.x supports URL up to 8k long, IE will not work when the URL is longer than 2083 bytes.

All the params should be short, except one that is like “user_review”, which can be any length, depending on how long the user wrote.

So in this case, I wonder for the solution of iframe with no src=“…” and then create a form with the form method as POST, and the form’s action = “foo.php?v=2&user_id=123456[and with all params with the shorter values]”, and then with a hidden input, whose name is “user_review” and value=‘<?= htmlspecialchars(“$user_review”) ?>’ (htmlspecialchars() in PHP), and then have a javascript line below to auto submit this form. Is that a common solution? It usually won’t break any browser I think. But this also seems like sort of a hack that will not work if the user has turned off javascript. So is there a better solution I wonder?

Also a catch might be that, if we also specify a src=" … " for the iframe initially, then the iframe might start loading first, and then all of a sudden, the form will auto submit to this iframe, and then it will cause net traffic twice? (the first one being canceled but still induce some system and net overhead). Thanks.

World_Wide_Weird · September 20, 2008, 6:22pm

Use POST instead of GET for the form method. PHP’s default maximum POST data length is 8MB.

Don’t put a query string in the form’s action URI. Put the query string parameters in hidden form fields instead.

winterheat · September 20, 2008, 6:36pm

yes, i forgot to mention it is POST. and it is added to the original post.

actually… using those params in the URL will work too… the target can use $_GET or $_POST to get them… it probably is best to make them all hidden input, but as params on the URL they work on all current browsers I tried. Thank you though.

felgall · September 20, 2008, 9:06pm

If you use POST then the limit on how much data you can pass is so high that it would take someone several days of typing in the form to overflow it.

If you use POST then the form fields do not end up in the URL so if it is in the URL then you are using GET rather than POST.

winterheat · September 21, 2008, 5:18am

the fact is you can post to a target with params on the URL and both POST and GET params will be passed to the php file.