Re: Settings to Allow Precise File Upload Bytes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



My browser is claiming it is still busy from a 1MB (1030001 bytes)
upload where I was trying to find out if it is setting
$_FILES['attachment'].

Thanks Maciek.  It makes sense that I should be looking at
$_FILES['attachment']['error'] before the size.  I'm just surprised
it's still hanging.  I'm using jquery mobile which has extra file
upload concerns (although there is no problem when the file is small
enough).

The MySQL part was included so that this post could help others if
they missed a setting in their LAMP/AJAX stack, but I had narrowed my
specific issue down to PHP $_FILES['attachment'].

Thanks for all your help Jim.



On Fri, Jan 20, 2012 at 2:38 PM, Maciek Sokolewicz
<maciek.sokolewicz@xxxxxxxxx> wrote:
> Answers are inside the mail
>
> On 20 January 2012 21:18, Dee Ayy <dee.ayy@xxxxxxxxx> wrote:
>>
>> Obviously I don't want a Flash/Gears solution.
>>
>> FYI: Your #6 should be:
>> The server uploads...
>
> No, the server downloads, the client uploads. Downloading is performed by
> the receiving end (in this case, the server), while uploading is done by the
> serving end (in this case, the client). But that's a minor thing.
>
>>
>> Even though I do not want a Flash/Gears solution, I would be happy
>> with your #8 stating:
>> I won't fail silently, I'll report the problem to the user.
>>
>> Do you know the correct settings on any applicable LAMP/AJAX stack to
>> get the error you claim is available in your step #8 and where to look
>> for this error?  Is $_FILES['attachment'] supposed to be set and
>> hopefully something is in $_FILES['attachment']['error']?
>> I decided to post here instead of trying various permutations.
>
>
>>
>>
>> MySQL max_allowed_packet was mentioned because even if you correct #8,
>> MySQL can choke on what Apache allowed through, and I included the DB
>> list.
>
> After rereading your post I noticed I had failed to read correctly. I'm
> sorry. However, I still believe that the MySQL settings are not of any
> interest here. The limitation should IMO be performed by PHP (or even
> apache). By the time it gets to MySQL, all such checks should already have
> been done. So let's ignore MySQL for now.
>
> As for PHP:
> $_FILES['attachment']['error']  should be 0 if the file is uploaded
> correctly. If it's > 0, then you should throw an error regardless of size.
> So, assuming $_FILES['attachment']['error'] == 0,
> $_FILES['attachment']['size'] will give you the exact filesize in bytes.
> Check against this number, and you should be fine.
>
> However, if the upload size was higher than php.ini's upload_max_filesize,
> $_FILES['attachment']['error'] will have the value 1 (constant:
> UPLOAD_ERR_INI_SIZE), and will not be available to handle.
>
> So, in short, with code like:
>>
>> define('CUSTOM_MAX_UPLOAD_SIZE', (10*1024*1024) ); // 10MB
>> if( isset($_FILES['attachment']) && $_FILES['attachment']['error'] <= 1 )
>> {
>>    if( ($_FILES['attachment']['error'] == 1) or
>> ($_FILES['attachment']['error'] == 0 && $_FILES['attachment']['size'] >
>> CUSTOM_MAX_UPLOAD_SIZE) ) {
>>       exit('ERROR: upload too big');
>>    } else {
>>       // process the upload, store it, etc.
>>    }
>> } else {
>>    // something went wrong while uploading
>> }
>
>  You should be fine.
> Of course, you should also check that your max request body size is large
> enough in Apache, though usually it allows requests far larger than PHP
> does.
>
> Hope this helps, and sorry if I sounded rude at first,
> - Tul
>
>>
>> I never claimed I want to know the file size before upload, just that
>> some solutions may do this.
>>
>>
>> On Fri, Jan 20, 2012 at 11:50 AM, Maciek Sokolewicz
>> <maciek.sokolewicz@xxxxxxxxx> wrote:
>> > Your problem here is the fact that you do not seem to grasp what is
>> > hapenning when a file is being uploaded, hence your question. So let me
>> > explain:
>> > 1. A user goes to your page by entering it into the browser.
>> > 2. The page is downloaded to the client, and the connection is closed.
>> > 3. The user chooses to upload a file via an HTML control (ie. an HTML
>> > input
>> > element of type="file".
>> > 4. The user submits the form
>> > 5. The browser makes a connection to the server containing a header
>> > saying
>> > "the following data is a file".
>> > 6. The server downloads all of the data from the user
>> > 7. The server parses the data, finds the header stating that the content
>> > is
>> > a file
>> > 8. The server invokes your PHP script, which decides "whoa! wait a
>> > minute,
>> > that file is too large" and shows an error.
>> > 9. The server removes the file from memory / temporary storage
>> > 10. The server sends back the error to the client, and closes the
>> > connection.
>> >
>> > The point I am trying to make here is the fact that the server does not
>> > know
>> > the size of the file, until it has fully downloaded it, since it is not
>> > given in any way. Good browsers let the server know what size to
>> > *expect*,
>> > but even then, you can't rely on it.
>> >
>> > All checking of how large a file is has to happen client-side. Due to
>> > security reasons, languages such as javascript are not allowed to view
>> > any
>> > details about files on your disk, and thus can't be used to determine
>> > the
>> > filesize before sending anything to the server.
>> >
>> > The reason flash and gears can do this, is because these are designed
>> > differently and actually form a separate program inside your browser,
>> > which
>> > is not limited in its activity, as javascript (and vbscript in IE) are.
>> >
>> > So... you can use Flash and Gears to prevent upload of a too large file
>> > to
>> > your server. But not plain HTML and/or javascript. Since the server does
>> > not
>> > check the size until AFTER it has fully downloaded the file, there is no
>> > setting in Apache, PHP, MySQL (which has absolutely nothing to do with
>> > uploading at all), etc. Which are all server-side and ran after the
>> > upload
>> > has finished.
>> >
>> > In other words: use the Flash/Gears solution, or just decide you don't
>> > mind
>> > if a large file is uploaded. In the last case you can always reject the
>> > file
>> > afterwards.
>> >
>> > - Tul
>> >
>> >
>> > On 20-01-2012 18:15, Dee Ayy wrote:
>> >>
>> >> Please advise the proper settings (Apache/PHP/HTML/MySQL/Anything else
>> >> I missed) to allow a specific byte size upload and to deny 1 byte over
>> >> with error reporting in LAMP/AJAX.  I've heard of Flash and Gears
>> >> solutions, but these require additional installs for the user -- just
>> >> to know the file size before an upload.
>> >>
>> >> The server is Apache 2.
>> >> PHP is 5.1.6
>> >> HTML has
>> >> <!DOCTYPE html>
>> >> <input type="hidden" name="MAX_FILE_SIZE" value="1030000" />
>> >> <input type="file" name="attachment" />
>> >>
>> >> PHP ini :
>> >> file_uploads    On      On
>> >> upload_max_filesize     2M      2M
>> >> post_max_size   8M      8M
>> >>
>> >> I believe MySQL max_allowed_packet 1,048,576 was affecting the MySQL
>> >> INSERT, so I changed MAX_FILE_SIZE to 1030000 above.
>> >>
>> >> Now I am seeing cases where
>> >> if(isset($_FILES['attachment'])&&  $_FILES['attachment']['size']>  0){
>> >>
>> >> evaluates to FALSE
>> >>
>> >> How can I know that a file upload was attempted yet failed or will
>> >> fail?
>> >>
>> >> My last test case had the web page still claiming it was busy, yet I
>> >> noticed that the above condition must have evaluated to FALSE, failing
>> >> silently due to missing error reporting on my part (or the system's
>> >> part).
>> >>
>> >> I am willing to make 2 requests:
>> >> 1) just to find out if the attempted upload will fail and inform the
>> >> user.
>> >> 2) for the actual upload if it should succeed.
>> >>
>> >>
>> >> TIA
>> >
>> >
>
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux