PHP Upload Problem Summary (file size detection, large file upload)

Source: Internet
Author: User
Tags file handling
Background: The tester proposed in the HTML upload a 8G file, why the interface does not immediately return more than the limited size, this block HTML5 file size is limited, the browser has also raised a similar problem, Receiver but at present if the use of a one-time post current PHP upload is no way to immediately through the analysis of the HTTP protocol content-lenth tell the browser, you super, is currently uploaded through HTTP httpbody, such as nginx this piece configuration size, PHP is also configured to intercept the size of the test, the idea is good, but can not be implemented, unless you use a breakpoint upload and the H5 browser with the help of the browser filter once, the server to filter again to be feasible.

Due to both local and server security issues, page file uploads based on input type= "file" have been in a very awkward position. On the one hand, users do not want privacy disclosure, so the browser can not be the user at the time of uploading the files selected to make effective judgments. On the other hand, in order to secure the server side, reduce the burden of transmission, the system would like to be able to start uploading illegal files before users.

One to go, based on the original input mode of uploading, as the network storage site to avoid the problem of the left, but also created a strange plug-ins, uploading clients.

is the upload of input way so bad? Of course not. When uploading a file, it is very simple and reliable, in PHP, we only need a compound form

An input box

and a line of code on the server side

Move_uploaded_file ($_files[' userfile ' [' tmp_name '], '/var/www/uploads/'. basename ($_files[' userfile ' [' name ']));

You can implement the entire upload process.

But as the file grows, the lack of form uploads is exposed. In particular, the simple idea that we want to get the most basic file size to prevent large file uploads has become so difficult. The following one by one lanes come:

by max_file_size

We often read in the manual:

Max_file_size hidden Fields (in bytes) must precede the file input field with a value of the maximum size of the received file. This is a suggestion for the browser, PHP will also check this. This setting can be bypassed easily on the browser side, so do not expect this feature to block large files. In fact, the maximum upload file value in PHP settings is not invalidated. However, it is best to add this item to the form because it avoids the hassle of having to wait for a large file to be uploaded before the user discovers that the file is too large to upload.

Obviously PHP developers also consider the issue of large file uploads, but as the manual says, max_file_size is just a suggestion for the browser, in fact, so far all the mainstream browser has not adopted this recommendation, so the use of max_file_size constrained file size with the device, cannot be done.

Through the server-side

Max_file_size since invalid, then the user can upload files to the server, the server side through $_files[' userfile ' [' Size '] to determine the size of the user uploaded files, and then decide whether to accept the upload and return information. Excluding server load and possible malicious vandalism, this solution sounds like a waste of bandwidth, as well as the ability to bind users to upload files.

This is not possible, however, and PHP file uploads are affected by the following settings: php.ini

Post_max_size

Upload_max_filesize

Max_execution_time

Memory_limit

Although the Setup method in the manual has a more detailed description, the reason is still said that this method is not feasible, because the PHP execution script when more than Memory_limit, the post data will be all lost and will not error!

Imagine the user filled out a long form, and accompanied by a file more than Memory_limit upload, after a long wait time to find and so on is a clean blank form, that is how impressive user experience ah. Moreover, dozens of m of server traffic is only used to detect file size, is not allowed in the current network environment.

Through JavaScript

JavaScript is browser-based, although JS can accomplish a lot of seemingly impossible tasks, but the browser can't do things JS also can not do. Congenital deficiency is doomed to this job only by JavaScript is not competent. However, some IE only methods are still exist, for reference only.

Via Flash

Flash's Filereference class provides a comprehensive set of file handling methods, and most large file uploads now use flash-based solutions. If the use of flash and JS interaction, can realize the client file size detection? The answer is doable.

First, instantiate the Filereference class in the Flash file.

var fr = new Filereference ();

Based on this class, you can replace the browser's events with the file browse and Selectfile events provided by Flash. We need to:

1. Binding Selectfile

Fr.addeventlistener (Event.select, onselectfile);

2. Create an object for JS access to place the file information that Flash obtains

var s = {

size:0,

Name: ",

Type: '

}

3. Create the file browse method

function Browsefile (): void {

Fr.browse ();

}

4. When the Selectfile event is triggered, pass the file information

function Onselectfile (e:event): void {

S.size = fr.size;

S.name = Fr.name;

S.type = Fr.type;

}

5. Make the Browsefile method publicly available for JS invocation

Externalinterface.addcallback ("Browsefile", browsefile);

6. Pass the obtained file information to JS

Externalinterface.call ("Onselectfile", s);

Now we can get the file size information sent by flash through JS, the specific implementation can see the demo.

Conclusion

The problem seems to have been solved, we have successfully verified the size of the file is not it. However, the final conclusion of this paper is that the file size check based on Flash is still not feasible.

The only purpose of the file size check is to upload. In the demo above you can see that the file name of the verification success is displayed in an input box. The students who are familiar with uploading do not feel anything less? Yes, through Flash can only get the file name, but not the full path of the files, and the file path is the input method to upload the necessary conditions. So although can be successful through the Flash and JS Interactive check file size, but we can do is just a verification, and then want to upload, only continue through the flash way.

Flash development for security reasons blocked the full path of the file this is understandable, but the file upload, especially in PHP environment file verification upload scheme still not get the best solution.

Of course there are many ways to compensate:

Perl-based Project Filechucker, Xupload, Uber-uploader

Flash-based Project SWFUpload

There is also a package with PHP directly in the server gorgeous to establish a socket link.

But after all, I hope that one day I can see the thorough robust uploading scheme based on HTML only, I hope this day will not be too far.

Finally, this time the code download.

From: http://blog.sina.com.cn/s/blog_460136b40100txyx.html

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.