I had a debugging problem recently with some server code. It involved passing a list of IP addresses and associated metadata to the central server so that list could be pulled into a different host later. The problem was that, as soon as it reached 127 IPs, everything after that was ignored. Searching for a hint on why produced very little, which is where this post comes in: to provide a result for that search in the future.

In PHP, $_POST is automatically populated with a parsed version of the POST body at runtime. The problem I ran into was that $_POST only contained a portion of the POST body — it didn’t contain every value. I didn’t want to resort to manually parsing php://input, so I started looking into my options.

My first hunch was that post_max_size might be set unusually low, but that turned out not to be the case. It was well above the size that would’ve been needed to contain the full data payload.

Instead, after much digging around, I found it to be a relatively-obscure setting that usually never interferes: max_input_vars. This setting limits the number of values that are set on $_POST and others. Any additional key/value pairs after it reaches that number (the default is 1000) will not be added to the global variable, and it will appear as if they were not passed at all.

While exceeding this setting will trigger a E_WARNING, those were not included in the errors reported by this particular server, which meant PHP just merrily went on its way processing the request despite having incomplete data. The solution? Increase the value of max_input_vars. Documentation: http://php.net/manual/en/info.configuration.php#ini.max-input-vars