When I perform a stream upload from Java to PHP, I sometimes get a PHP error saying the input vars exceed the limit of max_input_vars.
At first, I did not realize why. Let me first explain:
The files are being uploaded with an approach similar to this:
// get file data from input stream
$putdata = fopen("php://input", "r");
$tmp = tmpfile();
// stream_copy_to_stream() returns the number of bytes copied
$filesize = stream_copy_to_stream($putdata, $tmp);
fclose($putdata);
// copy temp stream into destination stream
$target = fopen('myfile.dwg', "w");
// rewind the temp stream before reading it back
fseek($tmp, 0, SEEK_SET);
stream_copy_to_stream($tmp, $target);
fclose($target);
fclose($tmp);
To get a picture why PHP would give me such a warning, I took a dump of the data being sent:
file_put_contents('input_vars.log', print_r($_REQUEST, true));
file_put_contents('php_input.log', file_get_contents('php://input'));
Here’s the funny part:
The file being uploaded is 1,8 megabytes. The resulting logs are:
input_vars.log => 5 megabytes, 90,000 lines
php_input.log => 20 megabytes, 283,000 lines
Now the error message suddenly seems legit. The php_input.log just contains bytecode, but the input_vars.log is formatted as such:
Array
(
[filename] => 0018-101-001_67.dwg
[versionId] => 11253
[filetype] => dwg
[‘á‹Úê-8øFj–sÙ/ghÔ÷JJÐWhvPV] => ...
....
)
The first three keys are sent via GET, and all the rest would then be the file data. If I search for and count matches of =>, I get 25,954 matches. I therefore assume that $_REQUEST holds about 26,000 keys.
Now, over to my question:
I have raised the max_input_vars value several times, and it now holds the value of 30000. Should I just ignore this security setting and set it as high as possible?
My concern is that PHP removes parts from the $_REQUEST array if it is larger than 30000, making the file corrupt.
Are there any security problems with setting this value too high? Is there perhaps a better way of uploading files to PHP?
Maybe try setting enable_post_data_reading directive to “false” (or “Off”) to prevent PHP from parsing the file body?
BTW if you are using PHP 5.3.9, you should patch the max_input_vars vulnerability.
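As an added illustration of both the question's raw upload handler and the answer's suggestion, here is a receiving script written for this page (not code from the original question, the answer, or any project). It assumes enable_post_data_reading=0 is in effect (the directive exists from PHP 5.4 on and is PHP_INI_PERDIR, so it goes in php.ini, .htaccess or .user.ini and cannot be turned off with ini_set()); with it off, PHP never tokenises the binary body into $_REQUEST keys, so max_input_vars never comes into play and the query-string parameters still arrive in $_GET. The byte cap, the upload directory and the optional X-Content-Sha256 header are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed policy limit for this example; adjust to your own requirements.
const MAX_UPLOAD_BYTES = 50 * 1024 * 1024;

// True when PHP will leave the POST body alone: the directive is known and Off.
// It cannot be changed at runtime, so the script can only check it and refuse.
function bodyParsingDisabled(): bool
{
    $value = ini_get('enable_post_data_reading');
    return $value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN) === false;
}

// Accept only a plain .dwg basename; paths, NUL bytes and odd characters are
// rejected rather than "cleaned", so the name can be used as given.
function safeDwgName(string $name): ?string
{
    return preg_match('/\A[A-Za-z0-9._-]{1,120}\.dwg\z/', $name) === 1 ? $name : null;
}

// Reads the raw body from php://input into a temp file in $uploadDir, verifies
// the size (and digest, if the client sent one) and renames it into place.
function receiveRawUpload(string $uploadDir): array
{
    if (!bodyParsingDisabled()) {
        throw new RuntimeException('enable_post_data_reading is on; body would be parsed as form fields');
    }
    $name = safeDwgName((string)($_GET['filename'] ?? ''));
    $versionId = (string)($_GET['versionId'] ?? '');
    if ($name === null || !ctype_digit($versionId)) {
        throw new InvalidArgumentException('bad filename or versionId');
    }
    // Cheap pre-check before reading a single byte: declared size vs policy.
    $declared = (int)($_SERVER['CONTENT_LENGTH'] ?? 0);
    if ($declared <= 0 || $declared > MAX_UPLOAD_BYTES) {
        throw new LengthException('declared body size out of range');
    }

    $tmpPath = tempnam($uploadDir, 'upl'); // same filesystem as $dest, so rename() is atomic
    $in = fopen('php://input', 'rb');
    $out = $tmpPath === false ? false : fopen($tmpPath, 'wb');
    if ($in === false || $out === false) {
        throw new RuntimeException('could not open input or temp file');
    }
    // Copy at most one byte more than the cap so an oversized body is detected
    // without buffering it all in memory.
    $copied = stream_copy_to_stream($in, $out, MAX_UPLOAD_BYTES + 1);
    fclose($in);
    fclose($out); // close before hashing/renaming (rename of an open file fails on Windows)

    try {
        if ($copied !== $declared || $copied > MAX_UPLOAD_BYTES) {
            throw new LengthException("got {$copied} bytes, expected {$declared}");
        }
        // Optional end-to-end integrity check: X-Content-Sha256 is a header
        // assumed for this example, not something the page's client sends.
        $have = hash_file('sha256', $tmpPath);
        $want = $_SERVER['HTTP_X_CONTENT_SHA256'] ?? null;
        if ($want !== null && !hash_equals(strtolower($want), $have)) {
            throw new RuntimeException('sha256 mismatch');
        }
        $dest = rtrim($uploadDir, '/') . '/' . $versionId . '_' . $name;
        if (!rename($tmpPath, $dest)) {
            throw new RuntimeException('rename failed');
        }
        return ['path' => $dest, 'bytes' => $copied, 'sha256' => $have];
    } catch (Throwable $e) {
        @unlink($tmpPath); // never leave a partial upload behind
        throw $e;
    }
}

// Handler entry point: turn failures into an HTTP status instead of a PHP warning.
try {
    $result = receiveRawUpload('/var/www/uploads'); // constructed path
    header('Content-Type: application/json');
    echo json_encode($result);
} catch (Throwable $e) {
    http_response_code($e instanceof LengthException ? 413 : 400);
    echo $e->getMessage();
}
```

The size check against Content-Length catches truncated transfers, which is the corruption the question worries about, while the cap on stream_copy_to_stream keeps a client from filling the disk regardless of what post_max_size says. If the directive cannot be changed on the server, the same effect can be had by reading php://input before anything touches $_REQUEST and keeping max_input_vars at its default rather than raising it.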