SyntaxFix

[php] HTML Upload MAX_FILE_SIZE does not appear to work

I am wondering how is the hidden field named MAX_FILE_SIZE supposed to work?

<form action="" method="post" enctype="multipart/form-data">
    <!-- in byes must preceed file field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="2097152" /> 
    <input type="file" name="upload" />

    <input type="submit" name="submit" value="Submit" />
</form>

I uploaded a 4MB+ file but I got no warning from client side (I am not talking about server side). What is it MAX_FILE_SIZE supposed to do?

UPDATE

OK so its for PHP to impose a "soft" limit. But is there any difference between using it and checking something like $_FILES['upload']['size'] < 2000 in code?

This question is related to php html file-upload

The answer is

Actually, it doesn't really work. You can find an explanation in one of the comments in the manual page: http://www.php.net/manual/en/features.file-upload.php#74692

Answer to updated question: the obvious difference is that server-side checks are reliable, client-side checks are not.

Before I start, please let me emphasize that the size of the file must be checked on the server side. If not checked on server side, malicious users can override your client side limits, and upload huge files to your server. DO NOT TRUST THE USERS.

I played a bit with PHP's MAX_FILE_SIZE, it seemed to work only after the file was uploaded, which makes it irrelevant (again, malicious user can override it quite easily).

The javascript code below (tested in Firefox and Chrome), based on Matthew's post, will warn the user (the good, innocent one) a priori to uploading a large file, saving both traffic and the user's time:

<form method="post" enctype="multipart/form-data" 
onsubmit="return checkSize(2097152)">    
<input type="file" id="upload" />
<input type="submit" />


<script type="text/javascript">
function checkSize(max_img_size)
{
    var input = document.getElementById("upload");
    // check for browser support (may need to be modified)
    if(input.files && input.files.length == 1)
    {           
        if (input.files[0].size > max_img_size) 
        {
            alert("The file must be less than " + (max_img_size/1024/1024) + "MB");
            return false;
        }
    }

    return true;
}
</script>

It's only supposed to send the information to the server. The reason that it must preceed the file field is that it has to come before the file payload in the request for the server to be able to use it to check the size of the upload.

How the value is used on the server depends on what you use to take care of the upload. The code is supposedly intended for a specific upload component that specifically looks for that value.

It seems that the built in upload support in PHP is one to use this field value.

PHP.net explanation about MAX_FILE_SIZE hidden field.

The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too large and the transfer failed. Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application. The PHP settings (on the server side) for maximum-size, however, cannot be fooled.

http://php.net/manual/en/features.file-upload.post-method.php

To anyone who had been wonderstruck about some files being easily uploaded and some not, it could be a size issue. I'm sharing this as I was stuck with my PHP code not uploading large files and I kept assuming it wasn't uploading any Excel files. So, if you are using PHP and you want to increase the file upload limit, go to the php.ini file and make the following modifications:

  • upload_max_filesize = 2M

to be changed to

  • upload_max_filesize = 10M

  • post_max_size = 10M

or the size required. Then restart the Apache server and the upload will start magically working. Hope this will be of help to someone.

There IS A POINT in introducing MAX_FILE_SIZE client side hidden form field.

php.ini can limit uploaded file size. So, while your script honors the limit imposed by php.ini, different HTML forms can further limit an uploaded file size. So, when uploading video, form may limit* maximum size to 10MB, and while uploading photos, forms may put a limit of just 1mb. And at the same time, the maximum limit can be set in php.ini to suppose 10mb to allow all this.

Although this is not a fool proof way of telling the server what to do, yet it can be helpful.

  • HTML does'nt limit anything. It just forwards the server all form variable including MAX_FILE_SIZE and its value.

Hope it helped someone.

Source: Stackoverflow.com

Examples related to php

I am receiving warning in Facebook Application using PHP SDK Pass PDO prepared statement to variables Parse error: syntax error, unexpected [ Preg_match backtrack error Removing "http://" from a string How do I hide the PHP explode delimiter from submitted form results? Problems with installation of Google App Engine SDK for php in OS X Laravel 4 with Sentry 2 add user to a group on Registration php & mysql query not echoing in html with tags? How do I show a message in the foreach loop?

Examples related to html

Embed ruby within URL : Middleman Blog Please help me convert this script to a simple image slider Generating a list of pages (not posts) without the index file Why there is this "clear" class before footer? Is it possible to change the content HTML5 alert messages? Getting all files in directory with ajax DevTools failed to load SourceMap: Could not load content for chrome-extension How to set width of mat-table column in angular? How to open a link in new tab using angular? ERROR Error: Uncaught (in promise), Cannot match any routes. URL Segment

Examples related to file-upload

bootstrap 4 file input doesn't show the file name How to post a file from a form with Axios File Upload In Angular? How to set the max size of upload file The request was rejected because no multipart boundary was found in springboot Send multipart/form-data files with angular using $http File upload from <input type="file"> How to upload files in asp.net core? REST API - file (ie images) processing - best practices Angular - POST uploaded file

Tags

System.windows.media Ll Zend-controller Mono.cecil Aescryptoserviceprovider Driveinfo Python-module Iphone-sdk-3.0 Jwt Flat Dynamic-finders Planning Tryparse Distributed-database Revit-api C#-5.0 Google-authentication Generic-interface Byte-order-mark Server-side-controls Self-documenting Accordion Filefilter Bea Stanford-nlp Datejs Jasper-reports Crash-log Game-development Jsonresult Representation Merge-conflict-resolution Qextserialport Git-add Meta Connection-points Objective-c Episerver-6 Mysql-num-rows Checkstyle Fileinputstream Api-hook Setrlimit Ddd-debugger Inject Register-allocation Preforking Databound Server-response Sqlsoup Transactional-replication Sql-server-data-services Mv Coderush-xpress Evb Shared-nothing Radwindow Filechooser Boost-spirit-qi Flash-10 Flex-datagrid Natsort Pyodbc Token-name-resolution Wcf-binding Select-case Portable-applications Nsfetchedresultscontroller Ffserver Smlnj Language-switching Footer Grand-central-dispatch Wgs84 Solrnet Rownum Perfect-hash Android-assets Impdp Vhdl Distributed-programming Dijit.form Delphi-2007 Setcookie Resourceproviderfactory Httpd.conf Mysql-error-1451 Jaas Lastpasswordset Staledataexception Turtle-graphics Rar Endpointbehavior Msgrcv System.web.caching Data-containers Scheduler Savechanges Strftime Jsonp