2

how to add size limit in this code? I am new to php. Trying to create forms. i found this code online but when i upload a file it accepts only 700kb files and not more then that otherwise it gives an error. I need at least 20mb. what I will have to write in my code to make it work? even it should help in updating. Please help

<body>
<div id="art-main">
    <div id="art-header-bg" class="clearfix">
    </div>
    <div id="art-hmenu-bg" class="art-bar art-nav clearfix">
    </div>
    <div class="art-sheet clearfix">
        <header class="art-header clearfix">
            <div class="art-shapes">
                <h1 class="art-headline" data-left="0.5%">
                    <a  href="http://www.99demos.blogspot.com" target="_blank">library</a>
                </h1>
                <h2 class="art-slogan" data-left="87.05%"><a href="http://99demos.blogspot.in/2014/06/createreadupdate-delete-with-image.html"></a></h2>
            </div>
            <nav class="art-nav clearfix">
                <div class="art-nav-inner">
                    <ul class="art-hmenu"><li><a href="index.php" class="active">Home</a></li></ul> 
                </div>
            </nav>
        </header>
        <div class="art-layout-wrapper clearfix">
            <div class="art-content-layout">
                <div class="art-content-layout-row">
                    <div class="art-layout-cell art-content clearfix"><article class="art-post art-article">
                            <h2 class="art-postheader">customer form</h2>

                            <div class="art-postcontent art-postcontent-0 clearfix"><div class="art-content-layout">
                                    <div class="art-content-layout-row">
                                        <div class="art-layout-cell layout-item-0" style="width: 100%" >
                                            <br>


<?php
ob_start();
include('include/connect.php');
if (isset($_GET['id'])) {

    $qry = "SELECT * FROM tbl_emp where id=" . $_GET['id'];
    $result = mysql_query($qry);
    $row = mysql_fetch_array($result);

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $name = $_POST["name"];
        $age = $_POST["age"];
        $gender = $_POST['gender'];
        $martial = $_POST["martial"];
        $contact = $_POST["contact"];
        $email = $_POST["email"];
        $location = $_POST["location"];
        $drname = $_POST["drname"];
        $cname = $_POST["cname"];
        $clocation = $_POST["clocation"];
        $implants = implode(',', $_POST['implants']);
        $problem = $_POST["problem"];
        $tgiven = $_POST["tgiven"];
        $tdate = $_POST["tdate"];
        IF ($_FILES['file']['name'] != '') {
            $file = 'uploads/' . $row['image'];
            @unlink($file);
            $tmp_name = $_FILES["file"]["tmp_name"];
            $namefile = $_FILES["file"]["name"];
            $ext = end(explode(".", $namefile));
            $image_name = time() . "." . $ext;
            $fileUpload = move_uploaded_file($tmp_name, "uploads/" . $image_name);
        } else {
            $image_name = $row['image'];
        }

        $sqlAdd = "update tbl_emp set name='" . $name . "', age='" . $age . "', gender='" . $gender . "', martial='" . $martial . "', contact='" . $contact . "', email='" . $email . "', location='" . $location . "', drname='" . $drname . "', cname='" . $cname . "', clocation='" . $clocation . "', implants='" . $implants . "', problem='" . $problem . "', tgiven='" . $tgiven . "', tdate='" . $tdate . "', image='" . $image_name . "'  where id=" . $_GET['id'];
        mysql_query($sqlAdd);
        header("Location:add.php?id=" . @$_GET['id'] . "&msg=success");
        exit;
    }
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $name = $_POST["name"];
        $age = $_POST["age"];
        $gender = $_POST['gender'];
        $martial = $_POST["martial"];
        $contact = $_POST["contact"];
        $email = $_POST["email"];
        $location = $_POST["location"];
        $drname = $_POST["drname"];
        $cname = $_POST["cname"];
        $clocation = $_POST["clocation"];
        $implants = $_POST["implants"];

        $problem = $_POST["problem"];
        $tgiven = $_POST["tgiven"];
        $tdate = $_POST["tdate"];
        IF ($_FILES['file']['name'] != '') {
            $tmp_name = $_FILES["file"]["tmp_name"];
            $namefile = $_FILES["file"]["name"];
            $ext = end(explode(".", $namefile));
            $image_name = time() . "." . $ext;

            $fileUpload = move_uploaded_file($tmp_name, "uploads/" . $image_name);
        }
        $sqlAdd = mysql_query("insert into tbl_emp(name,age,gender,martial,contact,email,location,drname,cname,clocation,implants,problem,tgiven,tdate,image) VALUES('$name','$age','$gender','$martial','$contact','$email','$location','$drname','$cname','$clocation','$implants','$problem','$tgiven','$tdate','$image_name')");
        header("Location:index.php?msg=success");
        exit;
    }
}
ob_end_flush();

if (isset($_GET['msg'])) {
    ?>
    <div style="color:red;padding-bottom:10px;" class="form-message" align="center"><b>Task completd successfully.</b></div>
    <?php
}
?>
                                            <form  method="post" name="login" id="login" enctype="multipart/form-data">
                                                <table class="table" width="100%">
                                                    <tr>
                                                        <td width="10%">Customer Details</td>
                                                        <td></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Full Name</td>
                                                        <td><input name="name" type="text" placeholder="Firstname Lastname" pattern="[A-Za-z-0-9]+\s[A-Za-z-'0-9]+" required value="<?php echo @$row['name']; ?>"></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="20%">Age</td>
                                                        <td><input name="age" type="text" value="<?php echo @$row['2']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Gender</td>
                                                        <td><input type="Radio" name="gender" value="male" <?php
                                                            if ($gender == 'male') {
                                                                echo 'checked';
                                                            }
                                                            ?> />
                                                            Male
                                                            <input type="Radio" name="gender" value="female" <?php
                                                            if ($gender == 'female') {
                                                                echo 'checked';
                                                            }
                                                            ?> />
                                                            Female</td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Martial Status</td>
                                                        <td><input name="martial" type="text" value="<?php echo @$row['4']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="20%">Contact Number</td>
                                                        <td><input name="contact" type="text" value="<?php echo @$row['5']; ?>"></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Email Address</td>
                                                        <td><input name="email" type="text" value="<?php echo @$row['6']; ?>"></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Location</td>
                                                        <td><input name="location" type="text" value="<?php echo @$row['7']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Treatment Details</td>
                                                        <td></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Doctor Name</td>
                                                        <td><input name="drname" type="text" value="<?php echo @$row['8']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Clinic Name</td>
                                                        <td><input name="cname" type="text" value="<?php echo @$row['9']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Clinic Location & Branch</td>
                                                        <td><input name="clocation" type="text" value="<?php echo @$row['10']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Implants</td>
                                                        <td>

                                                            <select name="implants"  id="implants" value="<?php echo @$row['11']; ?>">
                                                                <option <?php if ($implants == '1') echo 'selected="selected'; ?> value="1">1</option>
                                                                <option <?php if ($implants == '2') echo 'selected="selected'; ?> value="2">2</option>
                                                                <option <?php if ($implants == '3') echo 'selected="selected'; ?> value="3">3</option>
                                                            </select>
                                                        </td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Problem</td>
                                                        <td><input name="problem" type="text" value="<?php echo @$row['12']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Treatment Given</td>
                                                        <td><input name="tgiven" type="text" value="<?php echo @$row['13']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td width="10%">Treatment Date</td>
                                                        <td><input name="tdate" type="date" value="<?php echo @$row['14']; ?>" ></td>
                                                    </tr>
                                                    <tr>
                                                        <td>multifile
                                                        <td>
                                                            <input id="fileupload" type="file" multiple="multiple" />
                                                            <hr />
                                                            <b>Live Preview</b>
                                                            <br />
                                                            <br />
                                                            <div id="dvPreview">
                                                            </div>
                                                        </td>

                                                    </tr>
                                                    <tr>
                                                        <td width="10%">X-Ray Image</td>
                                                        <td><input name="file" type="file" multiple="" ></td>

                                                    </tr>
                                                    <?php
                                                    if (isset($row['image'])) {
                                                        ?>
                                                        <tr>
                                                            <td>&nbsp;</td>
                                                            <td><img src="uploads/<?php echo $row['image']; ?> " height="50" width="50"></td>
                                                        </tr>
                                                        <?php
                                                    }
                                                    ?>
                                                    <tr>
                                                        <td>&nbsp;</td>
                                                        <td>
                                                            <input name="submit" value="Submit" type="submit" class="submit">
                                                            <input name="submit" value="Cancel" type="button" class="submit" onClick="window.location = 'index.php'">
                                                        </td>
                                                    </tr>
                                                </table>
                                            </form>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </article></div>
                </div>
            </div>
        </div>
    </div>
    <footer class="art-footer clearfix">
        <div class="art-footer-inner">
            <p>Copyright © 2016. All Rights Reserved.</p>
            <p class="art-page-footer">

            </p>
        </div>
    </footer>

</div>

my php.ini file

; This file is for CGI/FastCGI installations.
; Try copying it to php5.ini, if it doesn't work

; adjust memory limit

memory_limit = 64M

max_execution_time = 18000

; disable magic quotes for php request vars

magic_quotes_gpc = off

; disable automatic session start
; before autoload was initialized

flag session.auto_start = off

; enable resulting html compression

zlib.output_compression = on

; disable user agent verification to not break multiple image upload

suhosin.session.cryptua = off

; turn off compatibility with PHP4 when dealing with objects

zend.ze1_compatibility_mode = off

; PHP for some reason ignores this setting in system php.ini 
; and disables mcrypt if this line is missing in local php.ini

extension=mcrypt.so

; Disable PHP errors, notices and warnings output in production mode to prevent exposing sensitive information.

display_errors = Off
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
NS123
  • 67
  • 5
  • 2
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Feb 29 '16 at 13:13
  • 2
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 29 '16 at 13:13
  • I didn't find any condition related to file size in your code. You should check your `php.ini`. – urfusion Feb 29 '16 at 13:16
  • Please post related code to query so it is easy to understand where problem might be. – urfusion Feb 29 '16 at 13:16
  • i will integrate this on website. – NS123 Feb 29 '16 at 13:20
  • there is not ini file in my code – NS123 Feb 29 '16 at 13:20
  • No but PHP parameters are controlled by a file called `php.ini` that is where the setting for `upload_max_filesize` & `max_file_uploads` & `post_max_size` are kept. These are all relevant to how many files can be uploaded at one time and how large each file is allowed to be and of course how large the POST buffer shoudl be to accomodate all the files PLUS all the other standard input as well – RiggsFolly Feb 29 '16 at 13:26
  • i have php.ini and this is the code written in it, it is a magento – NS123 Mar 01 '16 at 05:35
  • my php.ini file is in answers section – NS123 Mar 01 '16 at 05:37
  • thanks for RiggsFolly you are really helpfull – NS123 Mar 02 '16 at 05:29

3 Answers3

1

The first thing you should always check when uploading files is the error condition provided in the $_FILES array

// Check $_FILES['file']['error'] value.
switch ($_FILES['file']['error']) {
    case UPLOAD_ERR_OK:
        break;
    case UPLOAD_ERR_NO_FILE:
        echo 'No file sent.';
        break;
    case UPLOAD_ERR_PARTIAL :
        echo 'Only part of the file was uploaded';
        break;
    case UPLOAD_ERR_INI_SIZE:
    case UPLOAD_ERR_FORM_SIZE:
        echo 'Exceeded filesize limit.';
        break;
    default:
        echo 'Unknown errors.';
}

See Error messages explained in the manual

I would guess that you will receive the exceeded filesize limit message.

If that is the case you will have to amend these limits in your php.ini file.

Look for

  • upload_max_filesize (The maximum size of an uploaded file.)

  • max_file_uploads (The maximum number of files allowed to be uploaded simultaneously.)

  • post_max_size (Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize. Generally speaking, memory_limit should be larger than post_max_size. When an integer is used, the value is measured in bytes. Shorthand notation, as described in this FAQ, may also be used. If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing the $_GET variable to the script processing the data, i.e. , and then checking if $_GET['processed'] is set.)

  • memory_limit (This sets the maximum amount of memory in bytes that a script is allowed to allocate. This helps prevent poorly written scripts for eating up all available memory on a server. Note that to have no memory limit, set this directive to -1.)

The manual so you can work out what values to use http://php.net/manual/en/ini.list.php

Remember they are related so a simple rule-of-thumb to calculate post_max_filesize them would be 

post_max_size = (upload_max_filesize * max_file_uploads) 
                 + some additional space for all other input fields

The manual http://php.net/manual/en/features.file-upload.php

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
-1

I didn't find any condition related to file size in your code. You should check your php.ini.

for validating size you just have to check the file size.

$maxsize    = 2097152; // 2MB

if(($_FILES['file']['size'] >= $maxsize) || ($_FILES['file']["size"] == 0)) {
    echo $errors = 'File too large. File must be less than 2 megabytes.';
}
urfusion
  • 5,528
  • 5
  • 50
  • 87
  • He does not want to limit the size of the files uploaded, he wants to be able to upload one or more files larger than the limits currently set in `php.ini` – RiggsFolly Feb 29 '16 at 13:29
  • @RiggsFolly : "how to add size limit in this code? and I need at least 20mb". these line are in question. – urfusion Feb 29 '16 at 13:31
  • As you _didn't find any condition related to file size in your code._ Then there is nothing in there to limit the size of files being uploaded. Therefore it has to be related to the basic PHP configuration that is limiting the size of files allowed to be uploaded. Surely? – RiggsFolly Feb 29 '16 at 13:36
  • @RiggsFolly : yes totally agree. But I think I should tell user how to validate size of image by php code. So user can set whatever limit he want in `php.ini` and validate by own custom size limit. Am I wrong? – urfusion Feb 29 '16 at 13:38
  • $maxsize = 2097152; // 2MB if(($_FILES['file']['size'] >= $maxsize) || ($_FILES['file']["size"] == 0)) { echo $errors = 'File too large. File must be less than 2 megabytes.'; } – NS123 Feb 29 '16 at 13:49
  • you can add this line just after `if($_FILES['file']['name'] != '') {` – urfusion Feb 29 '16 at 13:50
  • its ok if it is more then 20 or anything but now the situation is i cant upload after 700kb its is keeps on uploading when i try and at the add it shows webpage not available. – NS123 Feb 29 '16 at 13:50
  • No its not working. it stucks at 3% and keep loading and loading – NS123 Feb 29 '16 at 13:52
  • have you check your `php.ini` file – urfusion Feb 29 '16 at 13:53
  • This is PHP code to limit the allowed size of the uploaded file. They are doing nothing to solve your issue that you are not allowed by PHP to upload any file larger than 700Kb – RiggsFolly Feb 29 '16 at 13:55
  • See my answer, at least it will move you in the right direction – RiggsFolly Feb 29 '16 at 14:08
-1

Implement the given code in your file 

<?php
$uploadOk=1; 
if($_FILES['file']['name']!='')
{
    if ($_FILES["fileToUpload"]["size"] > 2500000) 
    {
      $uploadOk = 0;
    }
    $tmp_name = $_FILES["file"]["tmp_name"];
    $namefile = $_FILES["file"]["name"];
    $ext = end(explode(".", $namefile));
    $image_name=time().".".$ext;
    if($uploadOk==1)
    {
        $fileUpload = move_uploaded_file($tmp_name,"uploads/".$image_name);
    }
    else
    {
          header("location:add.php?id=".$_GET['id']."&msg=error");
    }
}
?>
Manjeet Barnala
  • 2,975
  • 1
  • 10
  • 20
  • He does not want to limit the size of the files uploaded, he wants to be able to upload one or more files larger than the limits currently set in `php.ini` – RiggsFolly Feb 29 '16 at 13:29
  • This is PHP code to limit the allowed size of the uploaded file. They are doing nothing to solve your issue that you are not allowed by PHP to upload any file larger than 700Kb – RiggsFolly Feb 29 '16 at 13:55