Home » Php » php – How long can a URL query argument be?

php – How long can a URL query argument be?

Posted by: admin July 12, 2020 Leave a comment

Questions:

http://site.com/?status=4387hg843hg89473gh87934h89g734hg8973hg9873hg8973h4987g3h489g7h89h849g5

What’s the maximum size of status that PHP can read?

I want to pass error / success messages upon login or signup, and the only way I can do this is by redirecting to a URL and append the messages as arguments to that URL.

like:

<?php

 $errors = array(
   1 => 'Password must have between 6 and 20 characters',
   2 => 'User name must contain only A-Z, a-z and 0-9 characters',
   3 => 'Captcha code does not match',
 );

 $errors =  base64_encode(serialize($errors));

 header("Location: http://www.example.com/?status={$errors}");
 die();

(if you know different ways of doing this please tell me 😉

How to&Answers:

According to RFC2616 Section 3.2.1:

The HTTP protocol does not place any a
priori limit on the length of a URI.
Servers MUST be able to handle the URI
of any resource they serve, and SHOULD
be able to handle URIs of unbounded
length if they provide GET-based forms
that could generate such URIs. A
server SHOULD return 414 (Request-URI
Too Long) status if a URI is longer
than the server can handle (see
section 10.4.15).

With that said, many browsers don’t allow URLs of infinite length. For instance, Internet Explorer has a limit of 2,083 characters.

In your case, I would suggest using a session variable to store the error and once it’s been displayed remove it.

The file that produces the errors:

<?php

 $errors = array(
   1 => 'Password must have between 6 and 20 characters',
   2 => 'User name must contain only A-Z, a-z and 0-9 characters',
   3 => 'Captcha code does not match',
 );

 session_start();
 $_SESSION['errors'] = $errors;

 header("Location: http://www.example.com/");
 die();

The other page:

<?php

 session_start();

 if ( ! empty($_SESSION['errors']) )
 { 
   // Do something with the errors.

   // Remove the errors from the session so they don't get displayed again later.
   unset($_SESSION['errors']);
 }

Answer:

This is more dependent on the user’s browser than anything else. For example, Internet Explorer does not support URLs that have more than 2083 characters. PHP should be fine handling up to (and well past) that limit. Avoiding base64_encode (which is unnecessary) will help. Use urlencode instead (assuming you’re not passing any binary data).

I’m sure people would love to help with different ways of doing this, but you’d have to provide more code.

Answer:

My suggestion is to use HTTP POST instead of HTTP GET