0

with this message "Size maximum is 2 MB"

How to insert size validation on this action? I will make 2 upload files, so this is my code...

<?php 
include 'koneksi.php';
$nama  = $_POST['nama'];
$kelas = $_POST['kelas'];
$alamat = $_POST['alamat'];

$rand1 = rand();
$rand2 = rand();

$allowed = array('pdf');

$filename1 = $_FILES['file1']['name'];
$filename2 = $_FILES['file2']['name'];

$ekstensi1 = pathinfo($filename1, PATHINFO_EXTENSION);
$ekstensi2 = pathinfo($filename2, PATHINFO_EXTENSION);

if($filename1 != "" && in_array($ekstensi1,$allowed)){
    move_uploaded_file($_FILES['file1']['tmp_name'], 'pdf1/'.$rand1.'_'.$filename1);
    $nama_file1 = $rand1.'_'.$filename1;
}else{
    $nama_file1 = "";
}

if($filename2 != "" && in_array($ekstensi2,$allowed)){
    move_uploaded_file($_FILES['file2']['tmp_name'], 'pdf2/'.$rand2.'_'.$filename2);
    $nama_file2 = $rand2.'_'.$filename2;
}else{
    $nama_file2 = "";
}
mysqli_query($koneksi, "insert into siswa values (NULL,'$nama','$kelas','$alamat','$nama_file1','$nama_file2')");
header("location:index.php");

Thank you for helping

  • $_FILES['file_1']['size'] will give you the size of an uploaded file. – no ai please Jul 31 '21 at 16:30
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Jul 31 '21 at 17:26
  • @Someone_who_likes_SE would u like share the full code pls, sir :D – dota lavista Aug 01 '21 at 04:30
  • What if my input is `'); DROP TABLE siswa; --`? – no ai please Aug 01 '21 at 16:53

2 Answers

2

if (!isset($_GET['id'])) {

        $klasör = "../uploads/post/image";
        $inputname= $_FILES['resim'];
        $tmp_name = $inputname['tmp_name'];
        $name  = $inputname['name'];
        $size  = $inputname['size'];
        $tip  = $inputname['type'];
        $uzantı = substr($name,-4,4);
        $sayı_uret1= rand(10000,50000);
        $sayı_uret2= rand(10000,50000);
        $resim_ad = $sayı_uret1.$sayı_uret2.$uzantı;
        if (strlen($name)==0) {
            echo "<script> Notiflix.Report.Failure( 'Error', 'Empty File Cannot Be Uploaded ', 'Ok', function(){ window.location.href = window.location.href;}); </script>";
            exit();
        }else if ($size> (1024*1024*3)) {
            echo "<script>Notiflix.Report.Failure( 'Error', 'File Size Too Large Cannot Be Uploaded ', 'Ok', function(){ window.location.href = window.location.href;}); </script>";   
            exit();
        }  .......
1

To validate file size:

$_FILES['yourfile']['size'];

So let's say you have an HTML form:

<form action="process.php" method="post" enctype="multipart/form-data">
<label>
  Your File:
  <input type="file" name="yourfile" />
</label>
<input type="submit" value="send" />
</form>

You'll see something like this after selecting a file:

[Image: file selection wizard]

Notice that if you select a 2GB file, it will still get there.

The validation

Then process.php looks like this:

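<?php
// An upload that PHP itself rejected (e.g. over upload_max_filesize) reports
// size 0, so check the error code before looking at the size.
if (!isset($_FILES['yourfile']) || $_FILES['yourfile']['error'] !== UPLOAD_ERR_OK) {
    exit('oops the upload failed');
}
$size = $_FILES['yourfile']['size'];
$twoMB = 2*1024*1024; // two megabytes is 2*1024*1024 bytes
if ($size < $twoMB) {
    // yay file is under 2 MB
} else {
    echo 'oops you need to select a smaller file';
}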
no ai please
  • 732
  • 3
  • 11
  • 24
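
An added example, not code from the question or from either answer: one validation routine for both PDF uploads that checks PHP's upload error code, the 2 MB limit and the file content, run here against constructed `$_FILES`-style entries. The names `check_pdf_upload` and `stored_name` are hypothetical, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not code from the posts. Function names are hypothetical.
const MAX_BYTES = 2 * 1024 * 1024; // the question's limit: 2 MB

/** Returns null when the $_FILES entry is acceptable, else an error message. */
function check_pdf_upload(array $f): ?string
{
    $err = $f['error'] ?? UPLOAD_ERR_NO_FILE;
    // Over upload_max_filesize / MAX_FILE_SIZE, PHP discards the file and
    // reports size 0, so the error code has to be checked before the size.
    if ($err === UPLOAD_ERR_INI_SIZE || $err === UPLOAD_ERR_FORM_SIZE) {
        return 'Size maximum is 2 MB';
    }
    if ($err !== UPLOAD_ERR_OK) {
        return "Upload failed (error code $err)";
    }
    // Measure the temporary file itself rather than trusting request metadata.
    $size = filesize($f['tmp_name']);
    if ($size === false || $size === 0) {
        return 'Empty file';
    }
    if ($size > MAX_BYTES) {
        return 'Size maximum is 2 MB';
    }
    // The extension is chosen by the client; check the content type too.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    return $mime === 'application/pdf' ? null : 'Only PDF files are accepted';
}

/** Server-generated name, so nothing from the client reaches the path. */
function stored_name(): string
{
    return bin2hex(random_bytes(16)) . '.pdf';
}

// Constructed entries standing in for $_FILES['file1'] and $_FILES['file2'].
$small = tempnam(sys_get_temp_dir(), 'up');
$large = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($small, "%PDF-1.4\n" . str_repeat('x', 1024));
file_put_contents($large, "%PDF-1.4\n" . str_repeat('x', MAX_BYTES));
$cases = [
    'small PDF'                => ['tmp_name' => $small, 'error' => UPLOAD_ERR_OK],
    'over the 2 MB limit'      => ['tmp_name' => $large, 'error' => UPLOAD_ERR_OK],
    'over upload_max_filesize' => ['tmp_name' => '', 'error' => UPLOAD_ERR_INI_SIZE],
];
foreach ($cases as $label => $entry) {
    echo $label, ': ', check_pdf_upload($entry) ?? 'accepted as ' . stored_name(), "\n";
}
unlink($small);
unlink($large);
```

In the real handler, call `move_uploaded_file()` only when the check returns null, and pass the stored name to the `siswa` insert through a prepared statement, as the comment on the question recommends.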