On Sun, Sep 12, 2010 at 5:07 AM, MikeB <mpbrede@xxxxxxxxx> wrote: > Hello, I'm new to PHP and also new to using newsgroups/mailing lists > directly. So if I make a mistake, please forgive me this once and I'll try > to do better in the future. > > Please help me understand, my head is absolutely spinning and I can't > get my mind around this. > > In the php.net site there is an example on uploading a file via a > form. http://www.php.net/manual/en/features.file-upload.post-method.php > > This is the sample code for the form: > > <form enctype="multipart/form-data" action="__URL__" method="POST"> > <!-- MAX_FILE_SIZE must precede the file input field --> > <input type="hidden" name="MAX_FILE_SIZE" value="30000" /> > <!-- Name of input element determines name in $_FILES array --> > Send this file: <input name="userfile" type="file" /> > <input type="submit" value="Send File" /> > </form> > > Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE? err! print_r and var_dump is your friend! > > Assuming I want to make it a variable in my PHP code, can I do this: > > <?php > > $MAX_FILE_SIZE = 30000; > > echo <<<_END > <form enctype="multipart/form-data" action="__URL__" method="POST"> > <!-- MAX_FILE_SIZE must precede the file input field --> > <input type="hidden" name="MAX_FILE_SIZE" /> > <!-- Name of input element determines name in $_FILES array --> > Send this file: <input name="userfile" type="file" /> > <input type="submit" value="Send File" /> > </form> > <<<_END > <? > > In other words, simply omitting the "value" clause in the form field? > > And can I make that value a global constant somehow so that I can > later also test the actual size of the uploaded file in another > function? if this is about getting the size of the uploaded file, you better try print_r($_FILES) after the form submit. there you have size in bytes. MAX_FILE_SIZE in html form will be used to early notify the up-loader, in case of a bigger file which exceeds the server side limit imposed through php.ini. (see http://www.php.net/manual/en/ini.core.php file uploads section) > > Or do I have to do this: > > <?php > > $MAX_UPLOAD_SIZE = 30000; > <<<_END > <? > > I'm also concerned that in the first instance, a malicious user can > modify the value and I will be hosed. Am I correct? and yes, never trust client side. ~viraj > > Thanks. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
