What is the size limit of an HTTP POST request?

Question

Sorry if this is duplicate,I would think it would be but couldn't find anything.

I have a flex application that I am posting data back to a PHP/MySQL server via Internet Explorer. I haven't run into any problems yet, but knowing this ahead of time might save me a bunch of frustration and work. Is there a size limit to posting data via HTTP?

This article says "no":
http://www.netlobo.com/ie_form_submit.html
This discussion says "yes":
http://bytes.com/topic/php/answers/538226-what-maximum-limit-using-post-method

And it all goes back and forth what I'm able to find online. So please limit answers to personally tested/verified numbers.

I am wanting to post back an XML string that can be quite large (say up to 5mb).

If it makes any difference: browser will always be Internet Explorer (our product requires it), POST is coming from an HTTPService in Flex, web server is PHP, database is MySQL.

i had this problem in laravel and add ini_set('max_input_vars', 2500); in server.php in root of my project and its worked stackoverflow.com/a/63241730/308578 — saber tabatabaee yazdi
– saber tabatabaee yazdi, Commented Aug 4, 2020 at 7:04

Wolverine · Accepted Answer · 2016-12-04 23:44:06Z

223

It depends on a server configuration. If you're working with PHP under Linux or similar, you can control it using .htaccess configuration file, like so:

#set max post size php_value post_max_size 20M

And, yes, I can personally attest to the fact that this works :)

If you're using IIS, I don't have any idea how you'd set this particular value.

edited Dec 4, 2016 at 23:44

Wolverine

1,7001 gold badge15 silver badges18 bronze badges

answered Mar 2, 2010 at 16:41

brettkelly

28.3k8 gold badges58 silver badges73 bronze badges

Sign up to request clarification or add additional context in comments.

13 Comments

invertedSpear Over a year ago

Where is this post_max_size setting at? I'm rather new to php and I can't find it anywhere in our code base (using the dreamWeaver find-all process). I'd ask our sys admins but they're mean. :-P

Para Over a year ago

So can you just set this value to whatever size? Isn't there any kind of protocol limitation? Can you set it to 999999999999999999999M?

RustyTheBoyRobot Over a year ago

@Para - This post says that you can set it as high as your machine's memory. It also says that the default is 2MB.

RustyTheBoyRobot Over a year ago

Since this is PHP, I was kind of expecting it to accept any value and just SEGFAULT when it reaches your machine's limit....

Nikolay Ivanov Over a year ago

Also, in PNP.INI file there is a setting: max_input_vars which in my version of PHP: 5.4.16 defaults to 1000. From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)" Ref.: php.net/manual/en/info.configuration.php#ini.max-input-vars

|

informatik01 · Accepted Answer · 2023-06-21 00:47:24Z

The URL portion of a request (GET and POST) can be limited by both the browser and the server - generally the safe size is 2KB as there are almost no browsers or servers that use a smaller limit.

The body of a request (POST) is normally¹ limited by the server on a byte size basis in order to prevent a type of DoS attack (note that this means character escaping can increase the byte size of the body). The most common server setting is 10MB, though all popular servers allow this to be increased or decreased via a setting file or panel.

¹ Some exceptions exist with older cell phone or other small device browsers - in those cases it is more a function of heap space reserved for this purpose on the device then anything else.

I know I'm a bit behind the times here but answers like these are the reason I love StackOverflow. Above and beyond what's required and providing some valuable background information.

Babak Naffas · Accepted Answer · 2014-01-31 23:55:36Z

Also, in PHP.INI file there is a setting:

max_input_vars

which in my version of PHP: 5.4.16 defaults to 1000.

From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)"

Ref.: http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars

Notice the this value is commented by default, so uncomment it and change the desired value.

Bowdzone · Accepted Answer · 2015-03-10 14:03:55Z

You can post large amount of data by setting php.ini variable: max_input_vars Default size of this variable is 1000 but if you want to sent large amount of data you have to increase the size accordingly. If you can't set the size from ini_set you have to do it through htaccess or by doing changes into php.ini file directly.

max_input_vars 2500 memory_limit 256M

Community · Accepted Answer · 2020-07-20 16:17:19Z

5

As David pointed out, I would go with KB in most cases.

php_value post_max_size 2K

Note: my form is simple, just a few text boxes, not long text.

(PHP shorthand for KB is K, as outlined here.)

edited Jul 20, 2020 at 16:17

CommunityBot

11 silver badge

answered Jun 27, 2013 at 9:35

Chris-MindflowAU

4419 silver badges13 bronze badges

2 Comments

anjanesh Over a year ago

What is the default ? Im having about 750 input texts which is less than 1000 and my form still isnt sending in all the data to the POST page.

Chris-MindflowAU Over a year ago

@anjanesh In Depends on your server config and/or PHP version. In PHP 8.2 it's set to 8M by default. See here: php.net/manual/en/ini.core.php#ini.post-max-size php.net/manual/en/features.file-upload.php

foobar · Accepted Answer · 2016-11-16 04:04:30Z

By default, the post request has maximum size of 8mb. But you can modify it according to your requirements. The modification can be done by opening php.ini file (php configuration setting).

Find

post_max_size=8M //for me, that was on line:771

replace 8 according to your requirements.

Hutch Moore · Accepted Answer · 2016-05-24 20:00:09Z

One of the best solutions for this, you do not use multiple or more than 1,000 input fields. You can concatenate multiple inputs with any special character, for ex. @.

See this:

<input type='text' name='hs1' id='hs1'> <input type='text' name='hs2' id='hs2'> <input type='text' name='hs3' id='hs3'> <input type='text' name='hs4' id='hs4'> <input type='text' name='hs5' id='hs5'> <input type='hidden' name='hd' id='hd'>

Using any script (JavaScript or JScript),

document.getElementById("hd").value = document.getElementById("hs1").value+"@"+document.getElementById("hs2").value+"@"+document.getElementById("hs3").value+"@"+document.getElementById("hs4").value+"@"+document.getElementById("hs5").value

With this, you will bypass the max_input_vars issue. If you increase max_input_vars in the php.ini file, that is harmful to the server because it uses more server cache memory, and this can sometimes crash the server.

I don't see how concatenating variables saves memory. Each ASCII-Character uses 1 byte of memory. A string (technically a char array if I'm not mistaken) uses n * 1 bytes with n as string length. Why would adding another character reduce the memory used? In this calculation you would add another byte for each '@' you add to the string. Of course you reduce the count of variables used but you pay this "win" with extra work splitting them up again.
@DBX12 While you do not save memory with this trick, you can bypass the max_input_vars option in the php.ini with this. Not exactly, what was asked, but still useful.
The size limit exceed depend on two factors: first, size of individual key/value string size, i.e. character count in key and/or value side. second, amount of key/value pairs, even if each pair has small character amount. Overall two above factors end up with size limit exceed issue. So, to me, this answer is correct and related to the question and highlight one side of a problem.

ChrisH · Accepted Answer · 2010-03-02 16:42:43Z

1

It is up to the http server to decide if there is a limit. The product I work on allows the admin to configure the limit.

answered Mar 2, 2010 at 16:42

ChrisH

4,83628 silver badges35 bronze badges

1 Comment

Nikolay Ivanov Over a year ago

Also, in PNP.INI file there is a setting: max_input_vars which in my version of PHP: 5.4.16 defaults to 1000. From the manual: "How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately)" Ref.: [php.net/manual/en/info.configuration.php#ini.max-input-vars][1] [1]: php.net/manual/en/info.configuration.php#ini.max-input-vars

Mira Nedved · Accepted Answer · 2020-05-24 09:30:47Z

For developers who cannot change php configuration because of the webhosting. (My settings 256MB max size, 1000 max variables)

I got the same issue that just 2 out of 5 big data objects (associative arrays) with substructures were received on the server side.

I find out that the whole substructure is being "flattened" in the post request. So, one object becomes a hundreds of literal variables. At the end, instead of 5 Object variables it is in reality sending dozens of hundreds elementar variables.

Solution in this case is to serialize each of the substructures into String. Then it is received on the server as 5 String variables. Example: {variable1:JSON.stringify(myDataObject1),variable2:JSON.stringify(myDataObject2)...}

Collectives™ on Stack Overflow

What is the size limit of an HTTP POST request?

9 Answers 9

13 Comments

2 Comments

1 Comment

Comments

2 Comments

Comments

3 Comments

1 Comment

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

9 Answers 9

13 Comments

2 Comments

1 Comment

Comments

2 Comments

Comments

3 Comments

1 Comment

Comments

Linked

Related