2

I want to save bandwidth and restrict the size of uploaded files to our webpage. The problem is that I can set the maximal size of uploaded file (e.g., 1 MB) but a user can select 50 MB file and can upload it to find out that PHP really doesn't accept files of this size -- the uploading is totally unnecessary.

Can I prevent this somehow?

(I can check file size in Javascript but not all browsers support this. Flash is an option but it's not universal either).

Thanks!

hakre
  • 193,403
  • 52
  • 435
  • 836
MartyIX
  • 27,828
  • 29
  • 136
  • 207
  • 1
    You can configure your webserver to deny such large incomming requests earlier before those reach PHP. Additionally you can configure PHP with a maximum file upload limit. What have you done so far? What is your current configuration (take a look into phpinfo() for example), see as well: http://stackoverflow.com/questions/757111/large-file-upload-errors-with-php – hakre Oct 11 '11 at 15:33
  • possible duplicate of [How can I limit users from uploading more then 5MB to the server?](http://stackoverflow.com/questions/4476350/how-can-i-limit-users-from-uploading-more-then-5mb-to-the-server) – hakre Oct 11 '11 at 15:36

1 Answers1

8

Use the LimitRequestBody Directive in .htaccess:

Example (setting a 1Mb limit). Create/modify your .htaccess file (in your webroot, or higher), and add:

LimitRequestBody 1048576

When the limit is exceeded, the request will be interrupted. The user will get a response similar to:

413 Request entity too large

Also: Rule 1: Never trust the client! You should always do such checks server-side, because the client can easily circumvent your JavaScript checks, and do anything which is not restricted by the server.
Rob W
  • 341,306
  • 83
  • 791
  • 678