From the documentation:
"When using the GET method, parameters are passed using a query string. The limitation of this method is that the length of the value in a name-value pair cannot exceed the maximum length for the value of an environment variable, as imposed by the underlying operating system. In addition, operating systems have a limit on how many environment variables you can define.
When using the POST method, parameters are passed in the request body. Generally, if you are passing large amounts of parameter data to the server, use the POST method."
"The values passed as scalar arguments and the values passed as elements to the index-by table of varchar2 arguments can be up to 32K in size.
For example, when using flexible parameter passing (described in Section 1.6.2, "Flexible Parameter Passing"), each name or value in the query_string portion of the URL gets passed as an element of the name_array or value_array argument to the procedure being invoked. These names or values can be up to 32KB in size."
"The maximum length of the HTTP cookie header is 32000 bytes. Values higher than this generate an error. This limit is due to the PL/SQL varchar2 limit.
The maximum length of any single cookie within the HTTP cookie is 3990. Values higher than this generate an error. This limit is due to the OCI array bind limit of strings in arrays.
There is a hard maximum cookie limit in mod_plsql that limits the number of cookies being set at any given time. That limit is set to 20. Anything over 20 will be dropped.
The PL/SQL Gateway does not support calling procedures with OUT parameters to be called from a Web interface. Doing this may result in ORA-6502 errors. The recommended approach is not to call any procedure that has OUT variables in it. However, the current architecture will let you modify a value as long as the modified value does not exceed the length that was passed in. Existing applications that encounter this problem need to be modified in one of the following ways:
Implement wrappers for procedures with OUT parameters so that such procedures are not invoked directly through a browser URL.
Create a local variable that gets assigned the value of the parameter being passed in, and is then used for all internal changes.
The total number of name value pairs that can be passed to a PL/SQL procedure is 2000.
mod_plsql limits the total number of parameters that can be passed to a single procedure to 2000.
mod_plsql limits the size of a single parameter that can be passed to a procedure to 32000 bytes."
If you try you to call mod_plsql with more than 2000 parameters you will get:
Your browser sent a request that this server could not understand.
mod_plsql: /gp/mod_adm.trans_objectos HTTP-400 Too many arguments passed in. Got X parameters. Upper limit is 2000
where X is the number of parameters passed
For more information about mod_plsql limits and alternatives check this previous post.