You can use this hidden feature : MAX_FILE_SIZE

The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too large and the transfer failed. Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application. The PHP settings (on the server side) for maximum-size, however, cannot be fooled.

details : http://php.net/manual/en/features.file-upload.post-method.php

You can limit the max upload size as a PHP setting. The user will still be able to upload up to that size though until the server cancels, and he will not necessarily know the file is too big beforehand.

I suggest you to look into HTML features. See MDN https://developer.mozilla.org/en/using_files_from_web_applications

With it you can check size etc with JavaScript.

If you're concerned about wasting bandwidth, then you must handle this at a higher level in your server stack. By the time PHP is handling the file it's too late, the upload has already occurred and the bandwidth consumed.

Apache has some configuration directives that may be useful:

http://httpd.apache.org/docs/current/mod/core.html#limitrequestbody

But I'm not sure if even that actually cuts off the request when the body exceeds the limit. If not, you'd have to move up yet another level and handle it at the TCP level.

If you do want to go down a non-PHP route to try to block large uploads, you should ask on ServerFault instead of StackOverflow.