Join David Powers for an in-depth discussion in this video Setting the maximum file size, part of Uploading Files Securely with PHP.
In many cases you probably want to limit the size of files that can be uploaded to the server. Even if you put a prominent warning alongside the form field. People often don't know how big a file is so they'll just hope for the best. But imagine their frustration if they're on a slow connection, wait for the file to upload, and then it's rejected. To avoid this situation, you can prevent the browser from even attempting to upload files that exceed a particular size. The maximum size needs to be specified in bytes.
So right at the top of the script, going to add a new line on line two, and then specify the maximum. Store it as a variable. Although it needs to be specified in bytes, you can very easily get PHP to do the calculation for you. So let's make it 50 kilobytes. So 50 times 1024. And the way that you prevent larger files from being uploaded is to create a hidden field in the form. But its vital that this hidden field comes before the file input field.
So, the file input field is on line 21. I'm going to create a new input field, a hidden input field, before there. So, it'll be input type equals hidden. And this hidden field has a specific name. The name is all in caps, MAX_FILE_SIZE, and then we need to set the value. Put a PHP block in there. And we will echo the value of max, close off that input field. So if we now save that form, and we test it in browser, if we choose a file, this one I know is quite small, and we get error code zero. I choose a much larger file.
This one here I know is more than 50 kilobytes. And click, Upload File. I now get, error two. Which as we saw earlier means that it's larger than max file size. And you can see from size. That the size is zero, it hasn't even attempted to upload that file. So we can use the error code to relay a helpful message to the user. So let's go back to the editing program and let's initialize a variable for a message.
So we'll put it on line three and we'll initialize it as an empty string. And we don't need to display the value of the files array. So we can get rid of that, and then we can create a switch statement. What we want to do is to check the value of files, file name error. So it's the files super global array. The name of our file input field is file name, and then what we'd want from that sub array, is the value of error.
So we're going to get the error code from a file that's being uploaded. So if the error code is zero, case zero. Message will be. And then we can use the file super global array again. Files < File Name. And then from that subarray, we need the value of name. And we can say it was uploaded successfully. And we need a break. And then, case two.
Message, we'll use the file name again. Just copy and paste that. Say it's too big to upload. Break again. And in case four we know that no file has been uploaded. And then we'll have a default message and the name of that file again. So down in the webpage we need to display that message if it's been set, so I'm going to put a PHP block down here. Message's been initialized as an empty string so we can just use if message, because if it's still an empty string, that means it won't be displayed.
So we just need to echo and then we will echo a paragraph and message inside there. So we can now save that, and go back to our browser. And if we choose a file. I know this one is small, so it should be uploaded successfully. Select that. Upload file. It was uploaded successfully. Of course it hasn't been saved, but we're just testing the message. Let's try it without selecting a file. We get no file selected, and then, if we choose a file that we know is more than 50 kilobytes.
This one, I know, is more than that upload. It's too big to upload. So, we're using the error code and the file name from the file's super global array, to provide a useful message to the user. But of course, we still need to save the uploaded file. Before we can do that, we need to prepare a folder to store uploads. We'll do that next.
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
- How PHP handles file uploads
- Setting the maximum file size
- Moving the file to its destination
- Creating and using a namespaced class
- Displaying error messages
- Restricting unacceptable MIME types and file extensions
- Using the class
- Reporting errors
- Altering the user