0

I am posting this question here after seeing this recent SuperUser question on the role memory_limit plays in file upload limits.

The official PHP manual states the following under post_max_size

Generally speaking, memory_limit should be larger than post_max_size.

If you understand PHP on some level and what memory_limit is versus post_max_size this official advice makes utterly no sense whatsoever. memory_limit is a setting that is concerned with PHP process memory limits and post_max_size is simply concerned with the max size of items being uploaded via PHP to a filesystem.

Now granted, one can POST a large to a PHP script and have it stored in PHP memory. But pretty much nobody does that. When the vast majority of files are POSTed to a PHP script, that file is streamed through PHP and saved to the file system.

So why then is this “Generally speaking…” advice being given? Or am I completely off my rocker after 20+ years of PHP development and somehow I have been able to upload huge files to LAMP stack applications without having memory_limit exceed post_max_size?

If found a similar question here and this answer as well as this other answer that confirms what I am saying. And heck, here is another answer to another question that touches on the topic where the answer clearly states, “No.”

So why then is the official PHP manual stating memory_limit has anything to do with post_max_size?

And yes, I understand there are some cases in which this “Generally speaking…” advice is valid, but I am finding it confusing how many online sources (see above) contradict what is said in the PHP manual. Perhaps that “general” advice should be made to be more specific for different usage cases?

Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
  • 3
    `post_max_size` is not limited to files being uploaded. What if for some unholy reason your site has a form which POSTs 20 MBs of text from a ` – MonkeyZeus Aug 23 '18 at 17:57
  • 2
    It would depend on what type of data is being posted. If you aren't expecting file uploads (many sites don't), then limiting the post_max_size to something that can completely fit in memory (e.g. the $_POST array) isn't a bad idea. – Jonathan Aug 23 '18 at 18:38
  • Where does PHP store raw POST data? Is it stored entirely in memory or it writes to the filesystem? – edo888 Aug 23 '18 at 20:43

1 Answers1

2

Because if you use the $_POST array it needs to be stored inside the memory, especially for large POST data. Therefore it needs to fit into memory.

You also could use the stream wrapper php://input to reduce memory usage instead of $_POST.

Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
Markus Zeller
  • 8,516
  • 2
  • 29
  • 35
  • Thanks for the quick answer! I have edited my question to add some context, but [can you look at this 2011 question and answer thread](https://stackoverflow.com/q/5106871/117259) to see where I—and other—am coming from with regards to the relationship between `memory_limit` and `post_max_size`? – Giacomo1968 Aug 23 '18 at 18:02
  • The php manual is correct. There are many reasons to use this structure. This answer shows but one example. – ATechGuy Aug 23 '18 at 18:53
  • @ATechGuy Will update the question to clarify, but when it says vaguely and dismissively, “Generally speaking…” and there are tons of examples online that counter that, either the advice given is bad/outdated or the reasoning should be expanded or clarified. – Giacomo1968 Aug 23 '18 at 19:59