PHP File Upload problem Summary (file size detection, large file upload processing) _php tips

Source: Internet
Author: User
Tags php file upload temporary file storage

Due to both local and server security issues, the "file" based on the input type= page file upload has been in a very awkward position. On the one hand, the user does not want privacy disclosure, so the browser can not be uploaded when the user selected files to make effective judgments. On the other hand, in order to secure the server side and reduce the burden of transmission, the system hopes to keep the illegal files out before the user starts uploading.
One to go, based on the original input method of upload, become a network of storage sites to avoid the lingering problems, but also created a strange plug-in, upload client.
is the input method upload so bad? Of course not. When uploading files is not large, it is very simple and reliable, in PHP, we only need a composite form:

Copy Code code as follows:
<form enctype= "Multipart/form-data" action= "__url__" method= "POST" >

An input box:
Copy Code code as follows:
<input name= "UserFile" type= "file"/>

and server-side line of code:
Copy Code code as follows:
Move_uploaded_file ($_files[' userfile '] [' tmp_name '], '/var/www/uploads/'. basename ($_files[' userfile '] [' name ']);

You can implement the entire upload process.
But as the file grows, the lack of form uploads is exposed. In particular, the simple idea that we want to get the most basic file sizes to prevent large file uploads has become so difficult. The following one by one ways to:
through Max_file_size
The Max_file_size hidden Field (in bytes) must be placed before the file input field, and its value is the maximum size of the received file. This is a suggestion to the browser, and PHP will also check this. You can simply bypass this setting on the browser side, so do not expect to block large files with this attribute. In fact, the maximum upload file in the PHP settings is not invalidated. But it's best to add this item to the form because it prevents users from spending time waiting to upload a large file before discovering that the file has failed to upload too large.
Obviously PHP developers have also taken into account the issue of large file uploads, but as the manual says, max_file_size is just a suggestion to the browser, in fact, all the mainstream browsers so far have not adopted this proposal, so the use of max_file_size constraints file size and configuration, Not a good line.
through the server side
Max_file_size since it is invalid, then users can upload files to the server, the server through the $_files[' userfile ' [' Size '] to determine the size of the file uploaded by the user, and then decide whether to accept the upload and return information. Aside from the server load and possible malicious acts of vandalism, this solution sounds like a waste of a portion of bandwidth and a constraint on uploading files to users.
But this is also not feasible, PHP file uploads are affected by the following settings php.ini:

    • Post_max_size
    • Upload_max_filesize
    • Max_execution_time
    • Memory_limit

Although the set method in the manual has a more detailed description, the reason is still said that this method is not feasible, because the PHP execution script in more than Memory_limit, the post data will be all lost and no error!
Imagine the user filled out a very long form, and accompanied by a file with more than Memory_limit upload, after a long wait time to find a clean blank form, that is how impressive the user experience AH. Moreover, dozens of m of the server traffic is only used to detect file size, is now the network environment is not allowed.
through JavaScript
JavaScript is browser-based, although JS can do a lot of seemingly impossible tasks, but the browser does not do things JS also can not do. Congenitally deficient is doomed to this work only by JavaScript is not competent. However, some IE only method also exists, only for reference.
through Flash
Flash's Filereference class provides a comprehensive set of file processing methods, and now most large file uploads are based on the flash scheme. If the use of flash and JS interaction, whether the client can achieve the size of the file detection? The answer is workable.
First instantiate the Filereference class in the Flash file.

var fr = new Filereference ();

Based on this class, you can use the file browse and Selectfile events provided by Flash to replace the browser event. We need to:
1. Binding Selectfile

Fr.addeventlistener (, onselectfile);

2, to create a JS access to the object, used to place flash get the file information

var s = {
 name: ',
 type: '

3. Create the file browse method

function Browsefile (): void {<br>
 fr.browse ();<br>

4, when the Selectfile event triggers, the transfer of file information

function Onselectfile (e:event): void {<br>
 s.size = fr.size;<br>
 S.type = fr.type;<br>

5, the Browsefile method can be publicly available for JS call

Externalinterface.addcallback ("Browsefile", browsefile);

6, will get the file information passed to JS ("Onselectfile", s);

Now we can get through JS to the file size information passed by flash, the specific implementation can refer to the demo.
The problem seems to have been solved, we have successfully verified the size of the file is not it. But the final conclusion of this paper is that the file size check based on Flash is still not feasible.
The only purpose of file size verification is to upload. In the demo above you can see that the validation of the file name will be displayed in an input box. Familiar with the upload of the students do not feel less what? Yes, through Flash can only get file name, and can not get the full path of the file, but the file path is the necessary condition of input method upload. So although you can successfully through the Flash and JS Interactive check file size, but we can do is just check, and then want to upload, only to continue through the flash mode.
Flash development for security reasons shielding the full path of the file this is understandable, but file upload, especially in the PHP environment file verification upload scheme is still not the best solution.
Of course there are many ways to make up:

Perl based Project Filechucker, Xupload, Uber-uploader
Project SWFUpload based on Flash
There is also a package with PHP directly in the server gorgeous build socket link

But after all, I hope that one day I can see only based on HTML can be achieved by the neat and robust upload scheme, I hope this day will not be too far.
Finally, this is the code download.
php File Upload size set detailed
upload files with PHP, the most problematic is the upload of large volume files when there are errors. This involves PHP's configuration file--php.ini
In this configuration file, there are several values that are closely related to file uploads:

    • File_uploads = ON//whether to allow system support file upload
    • Upload_tmp_dir//Temporary file storage path, Linux under the system default path, Win32 need to specify
    • Upload_max_filesize = 2m//allow maximum file upload volume
    • Post_max_size = 2m//The maximum data capacity that PHP can accept when given to PHP via the Post method

If you upload a file size of 8m (usually), then modify the above settings to meet your requirements.
But to >8m, you have to pay special attention to the other two values in addition to the above values:

    • Max_execution_time = 30//maximum time per script (PHP upload is large, is a matter of time)
    • Memory_limit = 8m//The maximum memory per script can consume

Try to change the two values to a larger size. You can usually solve most of the problems.

This concludes that the volume of uploaded files can be infinitely large. But also consider your network situation, and so on.
On the, some people said that after the change in accordance with this method, more than 100m files will still be wrong, do not know is not the problem of PHP itself.

The problem is first introduced to this, I hope to solve the problem of PHP file upload help.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.