0

I am posting an image file to the server and everything is fine. However, in cases when the user posts something bigger I get this warning. What could I do to avoid this warning?

I don't want solutions that would hide the warning nor increase the post size. I want something that would block the request from uploading the file to the server entirely and catch that warning.

Andrew
  • 6,254
  • 16
  • 59
  • 93
  • The only thing that could stop the request from happening in the first place is the browser. Since HTML does not provide a way to instruct the browser to impose a limit, you are out of luck. – Jon Jun 23 '13 at 20:11
  • 1
    You could just check for the file size in jQuery and block the form from submitting. – Achrome Jun 23 '13 at 20:11
  • 2
    @ash - that might be possible.. but this question is tagged with PHP and not jQuery.. – Lix Jun 23 '13 at 20:13
  • 1
    I know that, but he wanted to know about a solution which blocks the upload entirely without the server throwing warnings. The only option in that case is to block it from the client side instead of the server side. – Achrome Jun 23 '13 at 20:14
  • jQuery could be a solution, right. One question: is the file uploaded to the server or is it discarded if it exceeds the size specified by php.ini? – Andrew Jun 23 '13 at 20:15
  • possible duplicate of [How to validate file size before uploading?](http://stackoverflow.com/questions/7146816/how-to-validate-file-size-before-uploading) – mario Jun 23 '13 at 20:15
  • Client side validation is insecure (IMO) since the client can always edit the page or post directly to your PHP script. So you need to check for it on both sides. You might take a look at [this question](http://stackoverflow.com/q/2133652). – HamZa Jun 23 '13 at 20:21
  • possible duplicate of [How to gracefully handle files that exceed PHP's \`post\_max\_size\`?](http://stackoverflow.com/questions/2133652/how-to-gracefully-handle-files-that-exceed-phps-post-max-size) – dev-null-dweller Jun 23 '13 at 20:41
  • there is nothing you can do in PHP to fix this. PHP scripts are not invoked until **AFTER** the upload has completed or been terminated/aborted. – Marc B Jun 23 '13 at 20:50

2 Answers2

2

This is what worked for me. It seems that when PHP sees a file that is too large, deletes all the POST data. So this code fragment worked for me:

if ($_SERVER['REQUEST_METHOD'] == 'POST' && count($_POST) < 1 ) {
    $_SESSION['error'] = 'File upload size exceeded';
    header('Location: index.php');
    return;
}

Of course your page should be designed not to submit empty POST pages with no input parameters.

drchuck
  • 4,415
  • 3
  • 27
  • 30
0

One thing what you can do is give a maximum size on the HTML form.

<input type="hidden" name="MAX_FILE_SIZE" value="4194304" />

It's not bulletproof, but it has some impact. Why this is not so good is explained in this comment - it is only checked by PHP, so uploading will start and continue up until this limit is reached.

My recommendation is that you could use that together with a javascript solution, as described here. It only works if javascript is enabled, of course.

Community
  • 1
  • 1
eis
  • 51,991
  • 13
  • 150
  • 199
  • 1
    that setting cannot do ANYTHING to override php.ini/httpd.conf settings. it's basically useless fluff to make people feel better. Otherwise anyone could trivially bypass server-side limits by fiddling with the html in their browser. – Marc B Jun 23 '13 at 20:46
  • @MarcB um, it's not overriding anything, it's an additional limit? – eis Jun 23 '13 at 20:48
  • at best it's a hint to the browser to not allow anything over that size. but in real-world terms, it's next to useless. – Marc B Jun 23 '13 at 20:49
  • @MarcB if you're unfamiliar with it, please read up on it before making such claims. It is not a hint to the browser, it's one of PHPs features. – eis Jun 23 '13 at 20:50