How to stop a oversize file upload while upload is

2019-06-17 09:47发布

站内问答 / PHP
381 7 4

I'm using apache, PHP.

So, for php, even I set max file size, if someone upload a huge file, it will upload the whole thing to server, and then PHP return error. is that right?

I would like the web server or PHP to stop when the file size or the request size is larger than certain size.

is there a way to do it? I remember something like setting post_max_size or setting something in apache.conf but not sure if it will stop when the file goes over the max limit.

  • I don't trust client side validation. so, I'm looking for either apache or php level solution. :)

7条回答
爷的心禁止访问
2楼-- · 2019-06-17 10:13

It's not possible to stop this from the server side - the file will still be uploaded before PHP decides whether to reject it. You'd need to add that detection on the client side. While you can't do this with a regular HTML form, flash uploaders can find out the filesize before the upload starts.

On the server side, you can't do anything useful with PHP - the files have always already been fully uploaded before PHP has a chance to say 'no'. To block upload (that is, disconnect the client part way through the POST), you'll need some web server magic lower down the stack. Perlbal is capable of doing this. Writing your own Apache module is a (brute force) solution. Using any kind of lightweight proxy in front of your main web server is the solution if you're worried about big uploads tying up web server resources.

It really depends why you want to limit large uploads. If it's to save users time, just add messaging that specifies max file size. If it's server resources, use a lightweight proxy in front of the server. If it's something else, well, what is it?

查看更多
0人赞 添加讨论(0) 举报
戒情不戒烟
3楼-- · 2019-06-17 10:13

Use a hidden field called MAX_FILE_SIZE with a value indicating the max file size in bytes. See Example #1 on this page for further information.

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>
查看更多
0人赞 添加讨论(0) 举报
别忘想泡老子
4楼-- · 2019-06-17 10:23

Apache's LimitRequestBody, afaik, it just stops the connection when going over....

查看更多
0人赞 添加讨论(0) 举报
狗以群分
5楼-- · 2019-06-17 10:29

Here is a simple jquery solution How to check file input size with jQuery? But client side validation can be hacked easily.

查看更多
0人赞 添加讨论(0) 举报
干净又极端
6楼-- · 2019-06-17 10:31

max_execution_time and max_input_time These settings define the maximum life time of the script and the time that the script should spend in accepting input. If several mega bytes of data are being transfered max_input_time should be reasonably high. You can override the setting in the ini file for max_input_time by calling the set_time_limit() function in your scripts.

This is taken from http://www.radinks.com/upload/config.php

If you set lower values for these ini entries the script should timeout before the upload has completed

查看更多
0人赞 添加讨论(0) 举报
再贱就再见
7楼-- · 2019-06-17 10:31

Use $_FILES in php. 

if($_FILES['name']['size'] > $limit){
// continue;
}
查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)