in reply to To know parameter size in CGI.pm

monkfan, the size limits on HTML text fields are just suggestions to the browser ... the limits can be easily avoided (manual submission via LWP). If you control the form rendering, you control the processing so you can easily truncate the data for those that bypass your forms.

As for maxdata, CGI's POST_MAX is equivalant (but there are server settings which can make this figure not as large as you want).

-derby

Replies are listed 'Best First'.
Re^2: To know parameter size in CGI.pm
by monkfan (Curate) on May 20, 2006 at 14:31 UTC
    ... the limits can be easily avoided
    Please correct me if I misunderstood your answer. The reason I want to know the size is to abort the web submission process when the input/upload is too large.

    So my worry is not that the input is too small, on the contrary I want to avoid data input of certain size, be it file_upload or text_field input.

    Regards,
    Edward
[reply]

      The reason I want to know the size is to abort the web submission process when the input/upload is too large

      Right ... the client does not send that data back to you on a per-field basis. You can abort if all the data is too large but per field, you need to actually read the param before you can determine if it's too big for your needs.

      To limit for all POST data, follow the example from CGI: 

      use CGI qw/:standard/;
use CGI::Carp ’fatalsToBrowser’;
$CGI::POST_MAX=1024 * 100;  # max 100K posts

      [download]
      An attempt to send a POST larger than $POST_MAX bytes will cause param() to return an empty CGI parameter list. You can test for this event by checking cgi_error(), either after you create the CGI object or, if you are using the function-oriented interface, call <param()> for the first time. If the POST was intercepted, then cgi_error() will return the message "413 POST too large".

      -derby
[reply]
[d/l]

In Section Seekers of Perl Wisdom