FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » My head is spinning
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: My head is spinning [message #169428 is a reply to message #169424] Sun, 12 September 2010 02:21 Go to previous message
Norman Peelman is currently offline  Norman Peelman
Messages: 126
Registered: September 2010
Karma:
Senior Member
MikeB wrote:
> Please help me understand, my head is absolutely spinning and I can't
> get my mind around this.
>
> In the php.net site there is an example on uploading a file via a
> form. http://www.php.net/manual/en/features.file-upload.post-method.php
>
> This is the sample code for the form:
>
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
>
> Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?
>
> Assuming I want to make it a variable in my PHP code, can I do this:
>
> <?php
>
> $MAX_FILE_SIZE = 30000;
>
> echo <<<_END
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> <<<_END
> <?
>
> In other words, simply omitting the "value" clause in the form field?
>
> And can I make that value a global constant somehow so that I can
> later also test the actual size of the uploaded file in another
> function?
>
> Or do I have to do this:
>
> <?php
>
> $MAX_UPLOAD_SIZE = 30000;
>
> echo <<<_END
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE"
> value="$MAX_UPLOAD_SIZE"/>
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> <<<_END
> <?
>
> I'm also concerned that in the first instance, a malicious user can
> modify the value and I will be hosed. Am I correct?
>
> Thanks.

<input type="hidden" name="MAX_FILE_SIZE" value="30000" />

has nothing to do with PHP... This is a directive for the browser to not
process a file over that limit. It's not 100% reliable but seems to be
needed for the browser to process the upload.

PHP, on the other hand has setting(s) (php.ini) that control the
server side of things (for PHP). Among them are PHP memory allowance and
upload size. Many can be set per instance (site, virtualhost).

Take a look at:

http://php.net/manual/en/ini.list.php

&

http://www.php.net/manual/en/ini.core.php#ini.file-uploads

&

http://www.php.net/manual/en/ini.core.php#ini.memory-limit

&

http://www.php.net/manual/en/ini.core.php#ini.post-max-size


--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: php filling in listbox value based on db record ??
Next Topic: Re: Another heredoc question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 14:56:16 GMT 2024

Total time taken to generate the page: 0.04201 seconds