What is the size limit of an HTTP POST request?

Question

Sorry if this is duplicate,I would think it would be but couldn't find anything.

I have a flex application that I am posting data back to a PHP/MySQL server via Internet Explorer. I haven't run into any problems yet, but knowing this ahead of time might save me a bunch of frustration and work. Is there a size limit to posting data via HTTP?

This article says "no":
http://www.netlobo.com/ie_form_submit.html
This discussion says "yes":
http://bytes.com/topic/php/answers/538226-what-maximum-limit-using-post-method

And it all goes back and forth what I'm able to find online. So please limit answers to personally tested/verified numbers.

I am wanting to post back an XML string that can be quite large (say up to 5mb).

If it makes any difference: browser will always be Internet Explorer (our product requires it), POST is coming from an HTTPService in Flex, web server is PHP, database is MySQL.

http://stackoverflow.com/questions/2276759/php-whats-the-total-length-of-a-post-global-variable — karim79, Mar 02 '10 at 16:42
i had this problem in laravel and add ini_set('max_input_vars', 2500); in server.php in root of my project and its worked https://stackoverflow.com/a/63241730/308578 — saber tabatabaee yazdi, Aug 04 '20 at 07:04

score 218 · Accepted Answer · edited Dec 04 '16 at 23:44

218

It depends on a server configuration. If you're working with PHP under Linux or similar, you can control it using .htaccess configuration file, like so:

#set max post size
php_value post_max_size 20M

And, yes, I can personally attest to the fact that this works :)

If you're using IIS, I don't have any idea how you'd set this particular value.

edited Dec 04 '16 at 23:44

Wolverine

1,712
1
15
18

answered Mar 02 '10 at 16:41

brettkelly

27,655
8
56
72

3

Where is this `post_max_size` setting at? I'm rather new to php and I can't find it anywhere in our code base (using the dreamWeaver find-all process). I'd ask our sys admins but they're mean. :-P – invertedSpear Mar 02 '10 at 17:07
1

@invertedSpear It is in your web server's PHP configuration file, e.g. on our Linux server it is /etc/php5/cgi/php.ini – Alan Jun 05 '12 at 23:56
13

So can you just set this value to whatever size? Isn't there any kind of protocol limitation? Can you set it to 999999999999999999999M? – Para Jun 24 '12 at 07:46
9

@Para - [This post](http://forums.devshed.com/php-development-5/is-there-a-limit-to-post-max-size-46318.html) says that you can set it as high as your machine's memory. It also says that the default is 2MB. – RustyTheBoyRobot Jul 19 '12 at 23:55
39

Since this is PHP, I was kind of expecting it to accept any value and just SEGFAULT when it reaches your machine's limit.... – RustyTheBoyRobot Jul 19 '12 at 23:56
14

Also, in PNP.INI file there is a setting: max_input_vars which in my version of PHP: 5.4.16 defaults to 1000. From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)" Ref.: http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars – Nikolay Ivanov Nov 08 '13 at 13:01
@NikolayIvanov, So who wins when both settings are set? – Pacerier Dec 11 '14 at 07:56
@Pacerier, I'm not sure, but I think both rules are limiting, if you exceed the limit of any of the two, this rule will come into force. – Nikolay Ivanov Dec 11 '14 at 12:11
1

I can also verify that on a Linux configuration (CentOS 6.6, PHP 5.4 and CakePHP 2.6.5), it only works if you change the settings in the .htaccess file and not in php.ini. If the form contains many input fields (500 checkboxes in my case) you also need to set php_value max_input_vars to a value larger than 1000. – thanassis May 28 '15 at 08:21
2

@NikolayIvanov, I could kiss you right now, I've ben beating my head against a wall all night and just looked at the var count....1017 vars being sent!...you saved whats left of my hair! – Wesley Smith Oct 29 '15 at 13:20
is the max size set on the server sending the file or receiving the file? – spen123 Nov 29 '15 at 05:27
@spenf10 it is set on the server that's receiving the post data. – Hutch Moore May 24 '16 at 17:52
Not directly related to PHP's post size but I've faced a similar problem with HTML textarea which has 65535 (64K) hard-coded limit on most browsers. Browsers simply ignores the form item and doesn't even send them to server. – endo64 Mar 07 '17 at 07:11

score 80 · Answer 2 · edited Jun 21 '23 at 00:47

80

The URL portion of a request (GET and POST) can be limited by both the browser and the server - generally the safe size is 2KB as there are almost no browsers or servers that use a smaller limit.

The body of a request (POST) is normally¹ limited by the server on a byte size basis in order to prevent a type of DoS attack (note that this means character escaping can increase the byte size of the body). The most common server setting is 10MB, though all popular servers allow this to be increased or decreased via a setting file or panel.

¹ Some exceptions exist with older cell phone or other small device browsers - in those cases it is more a function of heap space reserved for this purpose on the device then anything else.

edited Jun 21 '23 at 00:47

informatik01

16,038
10
74
104

answered Mar 02 '10 at 16:45

David

24,700
8
63
83

2

Tell something about the browser limits, considering `curl` – Yugal Jindle Feb 13 '12 at 08:33
14

I know I'm a bit behind the times here but answers like these are the reason I love StackOverflow. Above and beyond what's required and providing some valuable background information. – Dormouse Jun 19 '13 at 19:23

score 62 · Answer 3 · edited Jan 31 '14 at 23:55

62

Also, in PHP.INI file there is a setting:

max_input_vars

which in my version of PHP: 5.4.16 defaults to 1000.

From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)"

Ref.: http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars

edited Jan 31 '14 at 23:55

Babak Naffas

12,395
3
34
49

answered Nov 08 '13 at 13:00

Nikolay Ivanov

5,159
1
26
22

Notice the this value is commented by default, so uncomment it and change the desired value. – Alvaro Flaño Larrondo Nov 12 '20 at 14:34

score 19 · Answer 4 · edited Mar 10 '15 at 14:03

19

You can post large amount of data by setting php.ini variable: max_input_vars Default size of this variable is 1000 but if you want to sent large amount of data you have to increase the size accordingly. If you can't set the size from ini_set you have to do it through htaccess or by doing changes into php.ini file directly.

max_input_vars  2500
memory_limit    256M

edited Mar 10 '15 at 14:03

Bowdzone

3,827
11
39
52

answered Mar 10 '15 at 13:18

Nilesh Chourasia

408
4
11

score 4 · Answer 5 · edited Jul 20 '20 at 16:17

4

As David pointed out, I would go with KB in most cases.

php_value post_max_size 2K

Note: my form is simple, just a few text boxes, not long text.

(PHP shorthand for KB is K, as outlined here.)

edited Jul 20 '20 at 16:17

Community

1
1

answered Jun 27 '13 at 09:35

ChrisDeDavidMindflowAU

305
4
10

score 3 · Answer 6 · answered Nov 16 '16 at 04:04

By default, the post request has maximum size of 8mb. But you can modify it according to your requirements. The modification can be done by opening php.ini file (php configuration setting).

Find

post_max_size=8M  //for me, that was on line:771

replace 8 according to your requirements.

score 2 · Answer 7 · edited May 24 '16 at 20:00

2

One of the best solutions for this, you do not use multiple or more than 1,000 input fields. You can concatenate multiple inputs with any special character, for ex. @.

See this:

<input type='text' name='hs1' id='hs1'>
<input type='text' name='hs2' id='hs2'>
<input type='text' name='hs3' id='hs3'>
<input type='text' name='hs4' id='hs4'>
<input type='text' name='hs5' id='hs5'>

<input type='hidden' name='hd' id='hd'>

Using any script (JavaScript or JScript),

document.getElementById("hd").value = document.getElementById("hs1").value+"@"+document.getElementById("hs2").value+"@"+document.getElementById("hs3").value+"@"+document.getElementById("hs4").value+"@"+document.getElementById("hs5").value

With this, you will bypass the max_input_vars issue. If you increase max_input_vars in the php.ini file, that is harmful to the server because it uses more server cache memory, and this can sometimes crash the server.

edited May 24 '16 at 20:00

Hutch Moore

124
1
12

answered Jan 18 '14 at 11:39

harpej

101
2

1

I don't see how concatenating variables saves memory. Each ASCII-Character uses 1 byte of memory. A string (technically a char array if I'm not mistaken) uses n * 1 bytes with n as string length. Why would adding another character reduce the memory used? In this calculation you would add another byte for each '@' you add to the string. Of course you reduce the count of variables used but you pay this "win" with extra work splitting them up again. – DBX12 Oct 24 '16 at 13:53
2

@DBX12 While you do not save memory with this trick, you can bypass the `max_input_vars` option in the `php.ini` with this. Not exactly, what was asked, but still useful. – RicoBrassers Apr 10 '17 at 14:55
The size limit exceed depend on two factors: first, size of individual key/value string size, i.e. character count in key and/or value side. second, amount of key/value pairs, even if each pair has small character amount. Overall two above factors end up with size limit exceed issue. So, to me, this answer is correct and related to the question and highlight one side of a problem. – Elnur Shabanov Apr 17 '20 at 11:34

score 1 · Answer 8 · answered Mar 02 '10 at 16:42

1

It is up to the http server to decide if there is a limit. The product I work on allows the admin to configure the limit.

answered Mar 02 '10 at 16:42

ChrisH

4,788
26
35

Also, in PNP.INI file there is a setting: max_input_vars which in my version of PHP: 5.4.16 defaults to 1000. From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)" Ref.: [http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars][1] [1]: http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars – Nikolay Ivanov Nov 08 '13 at 12:59

score 0 · Answer 9 · answered May 24 '20 at 09:30

For developers who cannot change php configuration because of the webhosting. (My settings 256MB max size, 1000 max variables)

I got the same issue that just 2 out of 5 big data objects (associative arrays) with substructures were received on the server side.

I find out that the whole substructure is being "flattened" in the post request. So, one object becomes a hundreds of literal variables. At the end, instead of 5 Object variables it is in reality sending dozens of hundreds elementar variables.

Solution in this case is to serialize each of the substructures into String. Then it is received on the server as 5 String variables. Example: {variable1:JSON.stringify(myDataObject1),variable2:JSON.stringify(myDataObject2)...}

What is the size limit of an HTTP POST request?

9 Answers9

Linked

Related