More information on this issue:
We are a non-profit and get free hosting from Dreamhost (so I'm stuck with this provider...).
After contacting Dreamhost Support it turns out that they (probably wisely so) have some protections in place for "unusual" behaviors and the update is throwing the following log message:
[Fri May 01 10:17:58 2015] [error] [client 76.171.91.167] ModSecurity: Access denied with code 418 (phase 2). Operator GT matched 3000 at ARGS. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "145"] [id "1990031"] [hostname "
www.junioruniversity.org"] [uri "/nubuilder/nuapi.php"] [unique_id "VUO1RNBx5@0AACZvgGEAAAAC"]
This was explained this way (from Dreamhost Support):
I reached out to our abuse team regarding the error you are getting, and it looks like the modsec rule that it is being trigger when someone or something submits over 3000 elements as arguments to the server. This rule is in place to prevent DoS attacks related to a user submitting a lot of arguments which the application much reconstruct and provide, such as $_POST arguments for PHP.
All pretty reasonable... so doing a little math, my sub-form in this case has 118 rows with 5 updateable fields and 3 read only fields per row, round numbers 5*120 = 600 fields to update with a key/value pair each = 1200 args? So clearly there is some additional overhead going on.
As an experiment, I added a limit 0,20 clause to the sub-form query (limit to the 1st 20 rows) and as expected the form will update just fine...
So, what I basically need is a way to "page" the sub-form records so that the $_POST back is limited. This is reasonable from a usability standpoint because 20 records or so is all you can see on one screen anyway. Therefore the user can update the first 20 records, Save, Page forward, update the next 20, Save, Page forward... etc.
Anyway to do this?
Jeff