Php file size detection and large file Upload processing

Source: Internet
Author: User
Tags php file upload
Because of local and server security issues, uploading webpage files in the inputtype & quot; file & quot; format is always in a very embarrassing position. On the one hand, users do not want privacy leaks because of local and server-related security issues, so page file Upload based on input type = "file" has been in a very embarrassing position. On the one hand, users do not want to disclose their privacy. Therefore, the browser cannot effectively determine the files selected by users during uploads. On the other hand, to ensure the security of the server and reduce the transmission burden, the system also hopes to reject illegal files before the user starts uploading.

First, the upload based on the original input method has become a legacy problem for the network storage website to avoid, and has created a strange plug-in and upload client.

Is the input Upload so bad? Of course not. When a file is not uploaded, it is very simple and reliable. in PHP, we only need a compound form:

 

Input box:

 

And a line of code on the server:

move_uploaded_file($_FILES['userfile']['tmp_name'], '/var/www/uploads/'. basename($_FILES['userfile']['name']));

You can complete the upload process.

However, as the file grows, insufficient form uploads will be exposed. In particular, the simple idea of getting the most basic file size to stop uploading large files has become so difficult. Here is one of the following:

Use MAX_FILE_SIZE

MAX_FILE_SIZE the hidden field (in bytes) must be placed before the input field of the file, and its value is the maximum size of the received file. This is a suggestion for the browser. PHP will also check this item. This setting can be simply bypassed on the browser side, so do not expect this feature to block large files. In fact, the maximum value of uploaded files in PHP settings will not expire. However, it is best to add this project to the form, because it can avoid the trouble of file Upload failure only after the user spends the time waiting to upload a large file.

Obviously, PHP developers have also considered the issue of uploading large files, but as mentioned in the manual, MAX_FILE_SIZE is just a suggestion for browsers, as a matter of fact, all mainstream browsers have not adopted this advice so far, so the use of MAX_FILE_SIZE constraints file size is the same as the decoration, not feasible.

Through the server side

Since MAX_FILE_SIZE is invalid, you can upload the file to the server. the server uses $ _ FILES ['userfile'] ['size'] to determine the size of the uploaded file, then decide whether to accept the upload and return the information. This solution temporarily removes server loads and possible Malicious Damages. it sounds like a waste of bandwidth and can also constrain the upload of files by users.

However, this is not feasible. PHP file upload is affected by the following settings of php. ini:

post_max_sizeupload_max_filesizemax_execution_timememory_limit

Although the setting method is described in detail in the manual, it is still said that this method is not feasible because when the php execution script exceeds memory_limit, this POST will all be lost and no error will be reported!

Imagine that the user has filled out an ultra-long form and uploaded it together with a file that exceeds memory_limit. after a long wait, the user finds that another blank table is a clean table, what an impressive user experience is there. Moreover, tens of MB of server traffic is only used to detect the file size, which is not allowed in the current network environment.

Using Javascript

Javascript is browser-based. although Javascript can accomplish many seemingly impossible tasks, JS cannot do anything that the browser cannot do. It is doomed that Javascript alone cannot be used for this job. However, some IE Only methods still exist for reference Only.

Flash

The FileReference class of Flash provides a set of comprehensive file processing methods. Currently, most large file uploads also adopt Flash-based solutions. If Flash is used to interact with Js, can the client detect the file size? The answer is feasible.

First, instantiate the FileReference class in the flash file.

var fr = new FileReference();

Based on this class, you can use the file browse and SelectFile events provided by Flash to replace browser events. We need:

1. bind SelectFile

fr.addEventListener(Event.SELECT, onSelectFile);

2. create an object for Js access to store the file information obtained by flash.

var s = {    size:0,    name:'',    type:''}

3. create a file browse

function browseFile():void {
fr.browse();
}

4. when the SelectFile event is triggered, the file information is transmitted.

function onSelectFile(e:Event):void {
s.size = fr.size;
s.name = fr.name;
s.type = fr.type;
}

5. publish the browseFile method for Js calls.

ExternalInterface.addCallback("browseFile", browseFile);

6. pass the obtained file information to Js

ExternalInterface.call("onSelectFile",s);

Now we can get the file size information transmitted by flash through Js. for details, see the Demo.

Conclusion

The problem now seems to have been solved. we have successfully verified the file size, isn't it. However, the final conclusion in this article is that the Flash-based file size verification is still not feasible.

The only purpose of file size verification is to upload files. In the Demo above, we can see that the successfully verified file name is displayed in an input box. Do people familiar with uploading feel nothing missing? Yes, you can only get the file name through flash, but cannot get the complete path of the file, while the file path is a required condition for input Upload. Therefore, although the file size can be verified through interaction between Flash and Js, all we can do is verify the file size. if we want to upload the file later, we can only continue using flash.

Flash development blocks the complete file path for security considerations. However, the file upload verification and upload solution, especially in the PHP environment, is still not the best solution.

Of course, there are many ways to make up:

Perl-based FileChucker, XUpload, Uber-Uploader

Flash-based project SWFUpload

In addition, the package uses PHP to directly establish a socket link on the server.

But after all, I hope that one day I can see a strict and robust Upload solution based on HTML. I hope this day will not be too far away.

Finally, the code is downloaded.

Php file upload size settings

When uploading files using php, the most serious problem is that an error occurs when uploading large files. This involves the php configuration file-php. ini

In this configuration file, these values are closely related to file upload:

File_uploads = on // whether the system supports file Upload

Upload_tmp_dir // storage path of temporary files. the default path is the system path in linux, and the path must be specified in win32.

Upload_max_filesize = 2 m // maximum size of file Upload allowed

Post_max_size = 2 m // maximum data capacity that php can accept when the post method is used for php

If the size of the uploaded file is 8 MB (usually), you can modify the above settings to meet your requirements.

But it should be more than 8 m, so we should pay special attention to the other two values in addition to the above values:

Max_execution_time = 30 // maximum time for each script to be executed (the size is large when php is uploaded, which is a time issue)

Memory_limit = 8 m // maximum memory that each script can consume

Try to increase these two values. Generally, most problems can be solved.

It can be inferred that the size of the uploaded file can be infinite. But you need to consider your network situation, and so on.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.