Setting the maximum file size upload via HTML form
Many people encountered a problem when uploading files, that the server persistently tries to download files that are too large for us and this process not only slows down the user, forcing him to wait for a long time, but also loads the server to which the file is downloading.
For Apache servers with PHP installed on them, you can limit this process to 2 ways:
I would like to consider it.
So let's start with what we specify in the form
In the value of the element MAX_FILE_SIZE we specify the maximum size we need in bytes of the downloaded files.
Special attention should be paid to the fact that this element should be BEFORE the file selection fields (for example, immediately after the form tag):
')
Example:
What happens in practice (although some configurations of PHP and Apache prohibit this method):
PHP first gets our file size limit option. Then it reads its value, then “resets” the elements of the $ _FILES array, where the file size exceeds the required one.
An example of what he does with this element:
As you can see, it sets an error code for this element that is different from 0 (0 = successful download), this error reads: “The uploaded file has exceeded the MAX_FILE_SIZE value set in HTML form.
Attention:
detailed description of the mechanism on php.net
PS: I hope this article will help many coders, especially those who do not have server rights to change PHP settings on the server.
ZZY: In my topic, I just wanted to describe one of the mechanism and my experience in using it. This is by no means NOT a manual for compulsory actions, since it is merely an additional , in some cases convenient, verification mechanism.
ZZZY: Edited taking into account statements, wishes, disputes and advice in the comments.
For Apache servers with PHP installed on them, you can limit this process to 2 ways:
- limit the file download settings PHP itself
- limit the file upload using the mechanisms for sending a form request to the server (only by the POST method)
I would like to consider it.
So let's start with what we specify in the form
method="post" and enctype="multipart/form-data" . Next, create a hidden form element.<input type="hidden" name="MAX_FILE_SIZE" value="1111111">In the value of the element MAX_FILE_SIZE we specify the maximum size we need in bytes of the downloaded files.
Special attention should be paid to the fact that this element should be BEFORE the file selection fields (for example, immediately after the form tag):
')
Example:
<form method="post" .... enctype="multipart/form-data">
<input type="hidden" name="max_file_size" value="1111111">
...
<input type="file" name="photo" >
...
</form>What happens in practice (although some configurations of PHP and Apache prohibit this method):
PHP first gets our file size limit option. Then it reads its value, then “resets” the elements of the $ _FILES array, where the file size exceeds the required one.
An example of what he does with this element:
Array ( [photo] => Array ( [name] => my_photo.jpg [type] => [tmp_name] => [error] => 2 [size] => 0 )As you can see, it sets an error code for this element that is different from 0 (0 = successful download), this error reads: “The uploaded file has exceeded the MAX_FILE_SIZE value set in HTML form.
Attention:
- Some browsers may (using this directive) interrupt the download of the file to the server themselves (I don’t know the nature of this effect and didn’t find it in the browser documentation)
- This is NOT a mandatory directive for browsers.
- in browsers, this restriction can be easily circumvented
- in Mozilla Firefox (tested on versions 2 and 3) the restriction on the browser side did not work
- in IE, starting from version 6 (not tested on versions below) and Opera (starting from version 8.5) worked
in theory (I did not check it myself) the parameter restriction through the form MAX_FILE_SIZE takes precedence over the parameter upload_max_filesize in php.ini
detailed description of the mechanism on php.net
PS: I hope this article will help many coders, especially those who do not have server rights to change PHP settings on the server.
ZZY: In my topic, I just wanted to describe one of the mechanism and my experience in using it. This is by no means NOT a manual for compulsory actions, since it is merely an additional , in some cases convenient, verification mechanism.
ZZZY: Edited taking into account statements, wishes, disputes and advice in the comments.
Source: https://habr.com/ru/post/69532/
All Articles