Best IT Recipes

Client-side file upload size?

I use PHP to upload files. The PHP manual shows an example of using a hidden field MAX_FILE_SIZE , saying that it will detect on the client side (that is, in the browser) whether the file is too large or not.

I just tried the example in Firefox, Chrome and IE, and it does not work. The file is always loaded, even if it is larger than the specified hidden field.

By the way, if the file is larger than MAX_FILE_SIZE , then the move_uploaded_file call move_uploaded_file not work, so it seems that the variable has an effect on the server side, but not on the client side.

+8
html php file-upload
May 29 '10 at 11:22
source share
4 answers

At MAX_FILE_SIZE

Read this:

... In http://pk.php.net/manual/en/features.file-upload.post-method.php and equivalent locations in other formats, it is indicated that browsers take the value of the form field MAX_FILE_SIZE into account.

This information is repeated elsewhere on the Internet and in books, but seems to come from the PHP documentation (it does not appear in terms of other server technologies ).

In any of the HTML, HTTP, or related specifications, there is nothing to indicate that it is so (in particular RFC 1867, in which the file was entered, loading in HTML does not mention this , so this is not even the case of kludge it was mentioned in the first RFC and then omitted) and does not make sense in the context of HTML specifications (there is nothing that would indicate the relationship between this particular hidden input and file input). The only statements about hidden fields that I could find in any of them were warnings in the security considerations sections against user agents basing any file operations on everything mentioned in the hidden field.

Browsers do not appear as an "extension" . Indeed, given that there are potentially other possible values ​​for a hidden field with this name in an application that processes multiple file downloads, it would be considered a design flaw in any of them.

I affirm that there is no such mechanism in the main browsers (if there is one and should not exist at all. The link to it should be removed from the documentation.

I would suggest that since this idea spread from this documentation elsewhere, a note about this should not be added.

If you need or need some kind of mechanism for managing this faster, it's something like a file processing problem, and it requires functionality that allows PHP to intercept the threads loaded before the request completes, which will be completely different from how this documentation suggests this should be considered even if it is true ...



the code below comes from the php implementation of swfUpload:

 // Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762) $POST_MAX_SIZE = ini_get('post_max_size'); $unit = strtoupper(substr($POST_MAX_SIZE, -1)); $multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1))); if ((int)$_SERVER['CONTENT_LENGTH'] > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE) { header("HTTP/1.1 500 Internal Server Error"); echo "POST exceeded maximum allowed size."; exit(0); } // Validate the file size (Warning the largest files supported by this code is 2GB) $max_file_size_in_bytes = 2147483647; $file_size = @filesize($_FILES[$upload_name]["tmp_name"]); if (!$file_size || $file_size > $max_file_size_in_bytes) { HandleError("File exceeds the maximum allowed size"); exit(0); }
+10
May 29 '10 at 11:52 a.m.
source share

This now probably only works on Firefox 3.6:

 <script type="text/javascript"> function checkSize() { var input = document.getElementById("upload"); // check for browser support (may need to be modified) if(input.files && input.files.length == 1) { if (input.files[0].fileSize > 1024) /* or maybe .size */ { alert("The file must be less than 1KB"); return false; } } return true; } </script> <form method="post" enctype="multipart/form-data" onsubmit="return checkSize()"> <input type="file" id="upload" /> <input type="submit" /> </form>

See http://www.w3.org/TR/FileAPI/ .

+6
May 29 '10 at 18:09
source share

As far as I know, there is no simple, cross-browser solution for this. The only working solutions are Flash or Java, because these technologies can access the file system and get information about the file.

Script examples: YUI2 Uploader , FancyUpload , SWFUpload

+3
May 29 '10 at 12:03
source share

If you use the hidden field MAX_FILE_SIZE correctly, the file will simply be stopped when the loaded size reaches the specified value. And thus, it eliminates the need for users to wait for the transfer of a large file. You should check if the file upload has stopped on the server side using the error code .

 if($_FILES['userfile']['error'] == 2) { die("Maximum file size Exceeded"); }
+1
Feb 07 '14 at 13:18
source share


More articles: