This article mainly introduces the summary of PHP file upload problems, including file size detection and large file Upload processing. interested friends can refer to the security issues related to local and server, therefore, page file Upload based on input type = "file" is always in a very embarrassing position. On the one hand, users do not want to disclose their privacy. Therefore, the browser cannot effectively determine the files selected by users during uploads. On the other hand, to ensure the security of the server and reduce the transmission burden, the system also hopes to reject illegal files before the user starts uploading.
First, the upload based on the original input method has become a legacy problem for the network storage website to avoid, and has created a strange plug-in and upload client.
Is the input Upload so bad? Of course not. When a file is not uploaded, it is very simple and reliable. in PHP, we only need a compound form:
The code is as follows:
Input box:
The code is as follows:
And a line of code on the server:
The code is as follows:
Move_uploaded_file ($ _ FILES ['userfile'] ['tmp _ name'], '/var/www/uploads /'. basename ($ _ FILES ['userfile'] ['name']);
You can complete the upload process.
However, as the file grows, insufficient form uploads will be exposed. In particular, the simple idea of getting the most basic file size to stop uploading large files has become so difficult. Here is one of the following:
Use MAX_FILE_SIZE
MAX_FILE_SIZE the hidden field (in bytes) must be placed before the input field of the file, and its value is the maximum size of the received file. This is a suggestion for the browser. PHP will also check this item. This setting can be simply bypassed on the browser side, so do not expect this feature to block large files. In fact, the maximum value of uploaded files in PHP settings will not expire. However, it is best to add this project to the form, because it can avoid the trouble of file Upload failure only after the user spends the time waiting to upload a large file.
Obviously, PHP developers have also considered the issue of uploading large files, but as mentioned in the manual, MAX_FILE_SIZE is just a suggestion for browsers, as a matter of fact, all mainstream browsers have not adopted this advice so far, so the use of MAX_FILE_SIZE constraints file size is the same as the decoration, not feasible.
Through the server side
Since MAX_FILE_SIZE is invalid, you can upload the file to the server. the server uses $ _ FILES ['userfile'] ['size'] to determine the size of the uploaded file, then decide whether to accept the upload and return the information. This solution temporarily removes server loads and possible Malicious Damages. it sounds like a waste of bandwidth and can also constrain the upload of files by users.
However, this is not feasible. PHP file upload is affected by the following settings of php. ini:
- Post_max_size
- Upload_max_filesize
- Max_execution_time
- Memory_limit
Although the setting method is described in detail in the manual, it is still said that this method is not feasible because when the php execution script exceeds memory_limit, this POST will all be lost and no error will be reported!
Imagine that the user has filled out an ultra-long form and uploaded it together with a file that exceeds memory_limit. after a long wait, the user finds that another blank table is a clean table, what an impressive user experience is there. Moreover, tens of MB of server traffic is only used to detect the file size, which is not allowed in the current network environment.
Using Javascript
Javascript is browser-based. although Javascript can accomplish many seemingly impossible tasks, JS cannot do anything that the browser cannot do. It is doomed that Javascript alone cannot be used for this job. However, some IE Only methods still exist for reference Only.
Flash
The FileReference class of Flash provides a set of comprehensive file processing methods. Currently, most large file uploads also adopt Flash-based solutions. If Flash is used to interact with Js, can the client detect the file size? The answer is feasible.
First, instantiate the FileReference class in the flash file.
var fr = new FileReference();
Based on this class, you can use the file browse and SelectFile events provided by Flash to replace browser events. We need:
1. bind SelectFile
fr.addEventListener(Event.SELECT, onSelectFile);
2. create an object for Js access to store the file information obtained by flash.
var s = { size:0, name:'', type:''}
3. create a file browse
function browseFile():void {
fr.browse();
}
4. when the SelectFile event is triggered, the file information is transmitted.
function onSelectFile(e:Event):void {
s.size = fr.size;
s.name = fr.name;
s.type = fr.type;
}
5. publish the browseFile method for Js calls.
ExternalInterface.addCallback("browseFile", browseFile);
6. pass the obtained file information to Js
ExternalInterface.call("onSelectFile",s);
Now we can get the file size information transmitted by flash through Js. for details, see the Demo.
Conclusion
The problem now seems to have been solved. we have successfully verified the file size, isn't it. However, the final conclusion in this article is that the Flash-based file size verification is still not feasible.
The only purpose of file size verification is to upload files. In the Demo above, we can see that the successfully verified file name is displayed in an input box. Do people familiar with uploading feel nothing missing? Yes, you can only get the file name through flash, but cannot get the complete path of the file, while the file path is a required condition for input Upload. Therefore, although the file size can be verified through interaction between Flash and Js, all we can do is verify the file size. if we want to upload the file later, we can only continue using flash.
Flash development blocks the complete file path for security considerations. However, the file upload verification and upload solution, especially in the PHP environment, is still not the best solution.
Of course, there are many ways to make up:
Perl-based projectsFileChucker, XUpload, Uber-Uploader
Flash-based projectsSWFUpload
There are also packages directly using PHPEstablish a socket link on the server.
But after all, I hope that one day I can see a strict and robust Upload solution based on HTML. I hope this day will not be too far away.
Finally, the code is downloaded.
Php file upload size settings
When uploading files using php, the most serious problem is that an error occurs when uploading large files. This involves the php configuration file-php. ini
In this configuration file, these values are closely related to file upload:
- File_uploads = on // whether the system supports file Upload
- Upload_tmp_dir // storage path of temporary files. the default path is the system path in linux, and the path must be specified in win32.
- Upload_max_filesize = 2 m // maximum size of file Upload allowed
- Post_max_size = 2 m // maximum data capacity that php can accept when the post method is used for php
If the size of the uploaded file is 8 MB (usually), you can modify the above settings to meet your requirements.
But it should be more than 8 m, so we should pay special attention to the other two values in addition to the above values:
- Max_execution_time = 30 // maximum time for each script to be executed (the size is large when php is uploaded, which is a time issue)
- Memory_limit = 8 m // maximum memory that each script can consume
Try to increase these two values. Generally, most problems can be solved.
It can be inferred that the size of the uploaded file can be infinite. But you need to consider your network situation, and so on.
On php.net, some people say that after this method is changed, files larger than MB will still encounter errors. I don't know if PHP is a problem.
We will introduce the problem to you first, hoping to help you solve the php file upload problem.