Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

Limitations on file uploads

From: Uploading Files Securely with PHP

Video: Limitations on file uploads

File uploads are controlled by several PHP configuration directives. And these are the configuration settings for my server. Originally the value of max_file_uploads needed to be changed in the main PHP Assuming that file_uploads are turned on, The value for upload_max_filesize and post_max_size must There are 1024 bytes in a kilobyte, and 1024 kilobytes in a megabyte.

Limitations on file uploads

File uploads are controlled by several PHP configuration directives. So it's a good idea to run phpinfo to see what limitations apply to your server's setup. I've got phpinfo in this file here, so let's just run it in a browser. And these are the configuration settings for my server. All the directives that relate to uploads are in the Core section close to the top. So let's just scroll down to find it. Here's the Core section. And the most important directive for file uploads is called file_uploads.

It's this one here. And of course, it goes without saying, that this must be on for file uploads to work. The other directives so spread out in different parts of this core list. So to make it easier to focus, I've listed them all together. Both file_uploads and upload_tmp_dir can be changed only by the server administrator in the main server configuration files. upload_tmp_dir controls where upload files are stored temporarily before being processed.

This normally defaults to the server's main temporary directory. If it points to a different location, the folder must be writeable by PHP. The remaining directives can be changed individually in an htaccess file on an Apache server, or in a user.ini file when PHP is running as FastCGI. max_file_uploads controls the maximum number of files that can be uploaded in a single operation. The default is 20.

If the maximum is exceeded, files over that limit are simply discarded without warning. Originally the value of max_file_uploads needed to be changed in the main PHP configuration, but it's been individually configurable since PHP 5.4. The limit on the size of individual files is set by upload_max_filesize, by default, it's two megabytes. But the overall limit is controlled by post_max_size, which is normally eight megabytes.

So although you can theoretically upload 20 files at a time, the actual limit will be considerably fewer if they're big. In fact, if the files are exactly two megabytes each, you'll be able to upload only three, not four. This is because post_max_size covers all POST data, and you need a few bytes for the upload form itself. max_input_time controls how long a script can spend receiving form input, including file uploads.

It's measured from the time all the data has been received by the server to the start of script execution. In some cases, this could cause large or multiple uploads to time out. Another time limit is set by max_execution_time, which defaults to 30 seconds. Again, the clock starts ticking only after the files have completed uploading. This is likely to affect you if you're doing a lot of heavy processing on files after they've been uploaded, for example, using the GD extension to process images.

There's one other factor you need to take into consideration if your script is doing heavy processing after the file has been uploaded. Make sure the server doesn't run out of memory. Since PHP 5.3, the default for memory_limit has been a generous 128 megabytes. But it might be set at a much lower value by the server administrator. Assuming that file_uploads are turned on, the most important directives are these three. max_file_uploads, upload_max_filesize, and post_max_size.

You can change their values if your server lets you use htaccess or user.ini configuration files. An htaccess file works only on Apache servers. If you put it in the site root, it affects the whole site. Alternatively, you can put it in an individual directory to change the settings for just that directory and any sub-directories. It's a plain text file with the name .htaccess and no filename extension. The syntax is php_value followed by the directive name, and then the value, each separated by a space.

The value for upload_max_filesize and post_max_size must be expressed in bytes. There are 1024 bytes in a kilobyte, and 1024 kilobytes in a megabyte. The examples shown here double the default values to four megabytes and 16 megabytes, respectively. If your server runs PHP as FastCGI, you can change the configuration with a user.ini file. Again, it's a plain text file with the name .user.ini.

Syntax is the same as in the main PHP configuration file, php.ini. The directive name is followed by an equal sign and the value. Although you can specify the value for upload_max_ filesize and post_max_size in bytes, it's easier to use the shorthand. Uppercase M for megabytes, and there should be no space between the number and the M. One final note for Mac users, the filenames for both htaccess and user.ini begin with a dot, which means they'll be hidden in the Mac Finder.

However, you should be able to see them in a script editor, such as Text Wrangler or PBEdit, that allows you to open hidden files.

Show transcript

This video is part of

Image for Uploading Files Securely with PHP
Uploading Files Securely with PHP

33 video lessons · 2238 viewers

David Powers
Author

 
Expand all | Collapse all
  1. 4m 49s
    1. Welcome
      57s
    2. What you should know before watching this course
      2m 0s
    3. Using the exercise files
      1m 52s
  2. 33m 2s
    1. How PHP handles file uploads
      6m 16s
    2. Examining the $_FILES array
      5m 8s
    3. Setting the maximum file size
      5m 36s
    4. Preparing the upload folder
      3m 18s
    5. Moving the file to its destination
      6m 51s
    6. Limitations on file uploads
      5m 53s
  3. 47m 3s
    1. Planning the class's features
      3m 15s
    2. Creating and using a namespaced class
      5m 25s
    3. Creating the class constructor
      7m 26s
    4. Getting a reference to the uploaded file
      5m 9s
    5. Checking the error level
      5m 7s
    6. Displaying errors and other messages
      4m 51s
    7. Setting and checking the maximum file size
      7m 19s
    8. Strengthening the setMaxSize() method
      8m 31s
  4. 35m 30s
    1. Restricting acceptable MIME types
      5m 27s
    2. Removing spaces from file names
      5m 21s
    3. Restricting acceptable file-name extensions
      6m 10s
    4. Neutralizing potentially dangerous uploads
      5m 54s
    5. Renaming files with duplicate names
      7m 58s
    6. Moving the file to its destination
      4m 40s
  5. 10m 25s
    1. Understanding how the $_FILES array handles multiple files
      4m 42s
    2. Adapting the class to handle both single and multiple uploads
      5m 43s
  6. 38m 15s
    1. Overview of the UploadFile class
      5m 9s
    2. Setting up to use the class
      4m 11s
    3. Using the class
      8m 12s
    4. Reporting errors with multiple uploads
      4m 0s
    5. Displaying the server limits
      4m 51s
    6. Alerting the user about exceeding the server limits
      6m 14s
    7. Changing the class's defaults
      5m 38s
  7. 1m 38s
    1. Goodbye
      1m 38s

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ.

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed Uploading Files Securely with PHP.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferencesfrom the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Are you sure you want to delete this note?

No

Your file was successfully uploaded.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.