Login/Register
What is the size limit of an HTTP POST request?
Asked Answered
Solved phpinternet-explorerhttppost
D

9

296

Sorry if this is duplicate,I would think it would be but couldn't find anything.

I have a flex application that I am posting data back to a PHP/MySQL server via Internet Explorer. I haven't run into any problems yet, but knowing this ahead of time might save me a bunch of frustration and work. Is there a size limit to posting data via HTTP?

And it all goes back and forth what I'm able to find online. So please limit answers to personally tested/verified numbers.

I am wanting to post back an XML string that can be quite large (say up to 5mb).

If it makes any difference: browser will always be Internet Explorer (our product requires it), POST is coming from an HTTPService in Flex, web server is PHP, database is MySQL.

Dierolf answered 2/3, 2010 at 16:37 Comment(2)
#2277259Soukup
i had this problem in laravel and add ini_set('max_input_vars', 2500); in server.php in root of my project and its worked https://mcmap.net/q/47189/-configuring-php-ini-in-homesteadUhhuh
G
220

It depends on a server configuration. If you're working with PHP under Linux or similar, you can control it using .htaccess configuration file, like so:

#set max post size
php_value post_max_size 20M

And, yes, I can personally attest to the fact that this works :)

If you're using IIS, I don't have any idea how you'd set this particular value.

Grimonia answered 2/3, 2010 at 16:41 Comment(13)
Where is this post_max_size setting at? I'm rather new to php and I can't find it anywhere in our code base (using the dreamWeaver find-all process). I'd ask our sys admins but they're mean. :-PDierolf
@Dierolf It is in your web server's PHP configuration file, e.g. on our Linux server it is /etc/php5/cgi/php.iniNewlin
So can you just set this value to whatever size? Isn't there any kind of protocol limitation? Can you set it to 999999999999999999999M?Everything
@Everything - This post says that you can set it as high as your machine's memory. It also says that the default is 2MB.Doerrer
Since this is PHP, I was kind of expecting it to accept any value and just SEGFAULT when it reaches your machine's limit....Doerrer
Also, in PNP.INI file there is a setting: max_input_vars which in my version of PHP: 5.4.16 defaults to 1000. From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)" Ref.: php.net/manual/en/info.configuration.php#ini.max-input-varsGlazer
@NikolayIvanov, So who wins when both settings are set?Kate
@Pacerier, I'm not sure, but I think both rules are limiting, if you exceed the limit of any of the two, this rule will come into force.Glazer
I can also verify that on a Linux configuration (CentOS 6.6, PHP 5.4 and CakePHP 2.6.5), it only works if you change the settings in the .htaccess file and not in php.ini. If the form contains many input fields (500 checkboxes in my case) you also need to set php_value max_input_vars to a value larger than 1000.Gasworks
@NikolayIvanov, I could kiss you right now, I've ben beating my head against a wall all night and just looked at the var count....1017 vars being sent!...you saved whats left of my hair!Komsa
is the max size set on the server sending the file or receiving the file?Loud
@spenf10 it is set on the server that's receiving the post data.Crow
Not directly related to PHP's post size but I've faced a similar problem with HTML textarea which has 65535 (64K) hard-coded limit on most browsers. Browsers simply ignores the form item and doesn't even send them to server.Do
G
80

The URL portion of a request (GET and POST) can be limited by both the browser and the server - generally the safe size is 2KB as there are almost no browsers or servers that use a smaller limit.

The body of a request (POST) is normally1 limited by the server on a byte size basis in order to prevent a type of DoS attack (note that this means character escaping can increase the byte size of the body). The most common server setting is 10MB, though all popular servers allow this to be increased or decreased via a setting file or panel.

1 Some exceptions exist with older cell phone or other small device browsers - in those cases it is more a function of heap space reserved for this purpose on the device then anything else.

Gullet answered 2/3, 2010 at 16:45 Comment(2)
Tell something about the browser limits, considering curlBurning
I know I'm a bit behind the times here but answers like these are the reason I love StackOverflow. Above and beyond what's required and providing some valuable background information.Watercourse
G
63

Also, in PHP.INI file there is a setting:

max_input_vars

which in my version of PHP: 5.4.16 defaults to 1000.

From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)"

Ref.: http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars

Glazer answered 8/11, 2013 at 13:0 Comment(1)
Notice the this value is commented by default, so uncomment it and change the desired value.Hildie
S
19

You can post large amount of data by setting php.ini variable: max_input_vars Default size of this variable is 1000 but if you want to sent large amount of data you have to increase the size accordingly. If you can't set the size from ini_set you have to do it through htaccess or by doing changes into php.ini file directly.

max_input_vars  2500
memory_limit    256M
Strife answered 10/3, 2015 at 13:18 Comment(0)
A
4

As David pointed out, I would go with KB in most cases.

php_value post_max_size 2K

Note: my form is simple, just a few text boxes, not long text.

(PHP shorthand for KB is K, as outlined here.)

Arris answered 27/6, 2013 at 9:35 Comment(0)
S
3

By default, the post request has maximum size of 8mb. But you can modify it according to your requirements. The modification can be done by opening php.ini file (php configuration setting).

Find

post_max_size=8M  //for me, that was on line:771

replace 8 according to your requirements.

Sophist answered 16/11, 2016 at 4:4 Comment(0)
M
2

One of the best solutions for this, you do not use multiple or more than 1,000 input fields. You can concatenate multiple inputs with any special character, for ex. @.

See this:

<input type='text' name='hs1' id='hs1'>
<input type='text' name='hs2' id='hs2'>
<input type='text' name='hs3' id='hs3'>
<input type='text' name='hs4' id='hs4'>
<input type='text' name='hs5' id='hs5'>

<input type='hidden' name='hd' id='hd'>

Using any script (JavaScript or JScript),

document.getElementById("hd").value = document.getElementById("hs1").value+"@"+document.getElementById("hs2").value+"@"+document.getElementById("hs3").value+"@"+document.getElementById("hs4").value+"@"+document.getElementById("hs5").value

With this, you will bypass the max_input_vars issue. If you increase max_input_vars in the php.ini file, that is harmful to the server because it uses more server cache memory, and this can sometimes crash the server.

Mandolin answered 18/1, 2014 at 11:39 Comment(3)
I don't see how concatenating variables saves memory. Each ASCII-Character uses 1 byte of memory. A string (technically a char array if I'm not mistaken) uses n * 1 bytes with n as string length. Why would adding another character reduce the memory used? In this calculation you would add another byte for each '@' you add to the string. Of course you reduce the count of variables used but you pay this "win" with extra work splitting them up again.Meetly
@Meetly While you do not save memory with this trick, you can bypass the max_input_vars option in the php.ini with this. Not exactly, what was asked, but still useful.Decaliter
The size limit exceed depend on two factors: first, size of individual key/value string size, i.e. character count in key and/or value side. second, amount of key/value pairs, even if each pair has small character amount. Overall two above factors end up with size limit exceed issue. So, to me, this answer is correct and related to the question and highlight one side of a problem.Sordid
M
1

It is up to the http server to decide if there is a limit. The product I work on allows the admin to configure the limit.

Malposition answered 2/3, 2010 at 16:42 Comment(1)
Also, in PNP.INI file there is a setting: max_input_vars which in my version of PHP: 5.4.16 defaults to 1000. From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)" Ref.: [php.net/manual/en/info.configuration.php#ini.max-input-vars][1] [1]: php.net/manual/en/info.configuration.php#ini.max-input-varsGlazer
B
0

For developers who cannot change php configuration because of the webhosting. (My settings 256MB max size, 1000 max variables)

I got the same issue that just 2 out of 5 big data objects (associative arrays) with substructures were received on the server side.

I find out that the whole substructure is being "flattened" in the post request. So, one object becomes a hundreds of literal variables. At the end, instead of 5 Object variables it is in reality sending dozens of hundreds elementar variables.

Solution in this case is to serialize each of the substructures into String. Then it is received on the server as 5 String variables. Example: {variable1:JSON.stringify(myDataObject1),variable2:JSON.stringify(myDataObject2)...}

Bush answered 24/5, 2020 at 9:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.