There is an error when you send a POST request to the server

I have a website that handles POST requests. There are 20 fields which I send from Postman to the PHP file on my website. I was able to send the request successfully in 2016-2017. But now when I send the same request I get this error:

Bad Request

Your browser sent a request that this server could not understand.
The number of request header fields exceeds this server’s limit.

This is my website.

Could you paste the code used to handle the POST request?

<?php

require 'conn.php';

$email=$_POST['email'];
$mobile=$_POST['mobile'];
$password=$_POST['password'];
$firstname=$_POST['firstname'];
$middlename=$_POST['middlename'];
$lastname=$_POST['lastname'];
$age=$_POST['age'];
$dob=$_POST['dob'];
$fatherhusbandname=$_POST['fatherhusbandname'];
$emergencyno=$_POST['emergencyno'];
$flatno=$_POST['flatno'];
$buildingname=$_POST['buildingname'];
$streetname=$_POST['streetname'];
$towncity=$_POST['towncity'];
$pinno=$_POST['pinno'];
$state=$_POST['state'];
$gender=$_POST['gender'];
$aadharcard=$_POST['aadharcard'];
//$passport=$_POST['passport'];
//$driverlicence=$_POST['driverlicence'];
$occupation=$_POST['occupation'];
$martialstatus=$_POST['martialstatus'];
$wifename=$_POST['wifename'];
$wifenumber=$_POST['wifenumber'];
$messagingID=$_POST['messagingid'];

$sql = "SELECT Mobile,First_name FROM book_a_ride_registration where Mobile='$mobile'";
   
   $result = mysql_query( $sql, $conn);
   
   $row = mysql_fetch_array($result, MYSQL_ASSOC);
   
   $response=array();
   
   if($row['Mobile']==$mobile)
   {
       array_push($response,array("status"=>"failed","name"=>"because this user already exits by name ".$row['First_name']));
       echo json_encode($response);
   }
   
   else
   {
       $dateofregistration=date("d-m-y");
       $sql="INSERT INTO book_a_ride_registration (Email_ID, Mobile, Password, First_name, 
                                                    Middle_name, Last_name, Age, Date_of_birth, 
                                                    Father_husband_name, Emergency_no, Flat_no, 
                                                    Building_name, Street_name, Town_city, Pin_no, 
                                                    State, Gender, Aadhar_card, 
                                                    Occupation, Martial_status, Wife_name, Wife_number, 
                                                    Registration_date,MessagingToken) 
                                                    
                                                    VALUES 
                                                    ('$email','$mobile','$password','$firstname',
                                                    '$middlename','$lastname','$age','$dob','$fatherhusbandname',
                                                    '$emergencyno','$flatno','$buildingname','$streetname','$towncity',
                                                    '$pinno','$state','$gender','$aadharcard','$occupation','$martialstatus','$wifename','$wifenumber',
                                                    '$dateofregistration','$messagingID')";
       
       $result=mysql_query( $sql, $conn );
       
       if (!$result) 
       {
       die('Invalid query: ' . mysql_error());
       }
       
       array_push($response,array("status"=>"Success","name"=>$firstname));
       echo json_encode($response);
   }
   

   
   mysql_close($conn);

?>

mysql has been deprecated as of PHP7, please upgrade to mysqli

It's working fine on other files with similar header files. I have tested it.

How to access httpd.config?

@RajanLad

You can’t, for this you need to have VPS.

This is because the admins applied some limits after 2017 due to a larger number of abusive users.

The solution to this issue is to "Increase LimitRequestFieldSize" on the backend server (which is not possible as per the admins).

Upgrade to avoid such issues.


What are the sizes of the fields you are sending? I wonder if one of them is very large.

Incidentally, you are wide open to SQL injection attacks with this code. When you upgrade to a supported database driver, make sure you use parameter binding.

Yes, or the mysql driver in PDO. This is also supported in PHP7.


The length of the fields is just 20.

I am not an expert in DB, could you explain?

“Incidentally, you are wide open to SQL injection attacks with this code. When you upgrade to a supported database driver, make sure you use parameter binding.”

And my client’s webserver is old and supports only up to PHP 5.5.

Sorry, that does not sound right. Are you saying that in all of those fields, you are sending no data item longer than 20 characters? Perhaps you could supply the exact test payload you are sending in Postman?

Do a search on the web for this - it is essential you get this right, if you do not want to be hacked. Presently you are allowing anonymous users to run SQL of their choosing on your database. There are some excellent resources over on Stack Overflow, see the first result of the linked search.

You can upgrade to MySQLi or PDO/mysql even on PHP 5.5, so that when you upgrade to PHP 7, you have less work to do. PHP 5.5 is no longer supported by the core PHP team now.
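
The parameter binding recommended in the replies above, shown as an added example that is not code from any poster in this thread: the duplicate check and the INSERT from the posted script rewritten with PDO prepared statements, in syntax that runs on PHP 5.5. Assumptions: the function name `register_user` is hypothetical, only four of the table's columns are used, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: the thread's lookup + insert using PDO bound parameters.
// Column subset only; the SQLite DSN is an assumption so this runs offline.

function register_user(PDO $pdo, array $post)
{
    // Read fields without notices when a key is missing (PHP 5.5 compatible).
    $mobile    = isset($post['mobile']) ? $post['mobile'] : '';
    $email     = isset($post['email']) ? $post['email'] : '';
    $firstname = isset($post['firstname']) ? $post['firstname'] : '';

    // A placeholder replaces '$mobile' inside the SQL text, so the value
    // is sent as data and can never change the structure of the query.
    $check = $pdo->prepare(
        'SELECT First_name FROM book_a_ride_registration WHERE Mobile = :mobile'
    );
    $check->execute(array(':mobile' => $mobile));
    $row = $check->fetch(PDO::FETCH_ASSOC);

    if ($row !== false) {
        return array('status' => 'failed',
                     'name' => 'because this user already exists by name ' . $row['First_name']);
    }

    $insert = $pdo->prepare(
        'INSERT INTO book_a_ride_registration (Email_ID, Mobile, First_name, Registration_date)
         VALUES (:email, :mobile, :firstname, :regdate)'
    );
    $insert->execute(array(
        ':email' => $email, ':mobile' => $mobile,
        ':firstname' => $firstname, ':regdate' => date('d-m-y'),
    ));
    return array('status' => 'Success', 'name' => $firstname);
}

// Demo with constructed input. For MySQL the DSN would have the form
// 'mysql:host=...;dbname=...;charset=utf8', passed with a user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE book_a_ride_registration
            (Email_ID TEXT, Mobile TEXT, First_name TEXT, Registration_date TEXT)');

// The quote in the name would break the string-built query; here it is stored as-is.
$sample = array('email' => 'a@example.com', 'mobile' => '9000000001', 'firstname' => "O'Brien");
echo json_encode(array(register_user($pdo, $sample))), "\n"; // first call inserts the row
echo json_encode(array(register_user($pdo, $sample))), "\n"; // second call hits the duplicate check
```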