Home »
Imported messages »
comp.lang.php »
My head is spinning
| Re: My head is spinning [message #169428 is a reply to message #169424] |
Sun, 12 September 2010 02:21  |
Norman Peelman
Messages: 126
Registered: September 2010
Karma:
|
Senior Member |
|
|
MikeB wrote:
> Please help me understand, my head is absolutely spinning and I can't
> get my mind around this.
>
> In the php.net site there is an example on uploading a file via a
> form. http://www.php.net/manual/en/features.file-upload.post-method.php
>
> This is the sample code for the form:
>
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
>
> Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?
>
> Assuming I want to make it a variable in my PHP code, can I do this:
>
> <?php
>
> $MAX_FILE_SIZE = 30000;
>
> echo <<<_END
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> <<<_END
> <?
>
> In other words, simply omitting the "value" clause in the form field?
>
> And can I make that value a global constant somehow so that I can
> later also test the actual size of the uploaded file in another
> function?
>
> Or do I have to do this:
>
> <?php
>
> $MAX_UPLOAD_SIZE = 30000;
>
> echo <<<_END
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE"
> value="$MAX_UPLOAD_SIZE"/>
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> <<<_END
> <?
>
> I'm also concerned that in the first instance, a malicious user can
> modify the value and I will be hosed. Am I correct?
>
> Thanks.
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
has nothing to do with PHP... This is a directive for the browser to not
process a file over that limit. It's not 100% reliable but seems to be
needed for the browser to process the upload.
PHP, on the other hand has setting(s) (php.ini) that control the
server side of things (for PHP). Among them are PHP memory allowance and
upload size. Many can be set per instance (site, virtualhost).
Take a look at:
http://php.net/manual/en/ini.list.php
&
http://www.php.net/manual/en/ini.core.php#ini.file-uploads
&
http://www.php.net/manual/en/ini.core.php#ini.memory-limit
&
http://www.php.net/manual/en/ini.core.php#ini.post-max-size
--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
|
|
|
|
Current Time: Sat Nov 23 18:52:52 GMT 2024
Total time taken to generate the page: 0.05157 seconds
Calendar
Search
Help
Members
Register
Login
Home
]