you are limited by memory assigned to php and server itself.
but limiting upload size is a good idea (you prolly don't want your hosting company to force u to pay for dedicated server)
i would suggest say.... 5 megs. this way even 12MP photo will pass. do size test when u are hashing files