PHP File upload validation before the file uploads

Question

Josh Connerty 20 Unverified User

15 Years Ago

Hello,

I have been working on some scripts for a forthcoming site and I have run across an issue. The issue being that when uploading large files (60Mb + ) will only be validated after they have finished being uploaded to a temporary directory. As you could probably imagine this is quite an issue.

Is there somesort of way I can validate the file before it has finished uploading. If so how is this acheived?

I have searched google and till now have found nothing and it is becoming quite tedious.

Thanks in advance for any help given.

php

5 Contributors
14 Replies
5K Views
2 Weeks Discussion Span
Latest Post 15 Years Ago Latest Post by cwarn23

cwarn23 387 Occupation: Genius

15 Years Ago

Try adding the following field to your html form to prevent uploads larger than 60MB

<input type="hidden" name="MAX_FILE_SIZE" value="60000000" />

Other than that, php has no way of validating the upload since php is server side an not client side. So the only real ways to validate an upload is with javascript, flash and java.

cwarn23 387 Occupation: Genius

15 Years Ago

There is a nice little article about it at http://stackoverflow.com/questions/254184/filter-extensions-in-html-form-upload
And a sample html code to accept files smaller than 60MB with only the extension jpg, jpeg and gif the code would be as follows:

<form enctype="multipart/form-data" action="uploader.php" method="POST">
Upload PNG File:
<input name="Upload Saved Replay" type="file" accept="image/gif, image/jpeg"/><br />
<input type="hidden" name="MAX_FILE_SIZE" value="60000000" />
<input type="submit" value="Upload File" />
</form>

Also note that you need to enter the mime types into the accept= parameter. More info on that can be found at http://www.w3schools.com/TAGS/att_form_accept.asp

BzzBee 5 Posting Whiz

15 Years Ago

before uploading apply this php check.

<form enctype="multipart/form-data" action="upload.php" method="POST">
Upload PNG File:
<input name="Upload" type="file" /><br />
<input type="hidden" name="MAX_FILE_SIZE" value="60000000" />
<input type="submit" value="Upload My File" />
</form>


<?
$filename=$_FILES['presentation']['name'];
//For size

if($_FILES["Upload"]["size"]>60000000) //60 mb
	{
	echo "File size should be less than 6MB";	
	}

// for extention

$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

if($ext=='jpg' || $ext=='gif' )
{
echo "write the code to upload file";
}
else
{
echo "Only jpg or gif file is allowed";
}
?>

BzzBee 5 Posting Whiz

15 Years Ago

Is your issue resolved now?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Josh Connerty 20 Unverified User · Answer 1 · 2009-04-14T04:54:01+00:00

Thanks for the reply and sorry for the slow come back.

Ok so how does that make sure that the file is not larger than 60MB what scripting is behind this?

Also is there any way of validation the extension before upload?

Thanks again.

Josh Connerty 20 Unverified User · Answer 2 · 2009-04-20T05:51:42+00:00

Thanks for the replies, from what I can gather PHP uploads the file to a temporary directory before running the first line of the script anyhow. Is there a way I can safely validate the file before PHP uploads it to a temp directory.

Also from what I gather the accept attribute isn't trustworthy as only a small percentage of browsers even register this attribute as being there.

Josh Connerty 20 Unverified User · Answer 3 · 2009-04-20T21:31:10+00:00

Josh Connerty 20 Unverified User

15 Years Ago

No

shashank.kuls 0 Newbie Poster · Answer 4 · 2009-04-29T13:18:53+00:00

I've used the same code but if I try to upload file more than 200MB it won't show any error message
And I've set the limit of 2 MB .
It works for 5 Mb

shashank.kuls 0 Newbie Poster · Answer 5 · 2009-04-29T13:38:08+00:00

I've used the same code but if I try to upload file more than 200MB it won't show any error message
And I've set the limit of 2 MB .
It works for 5 Mb

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 6 · 2009-04-29T13:40:55+00:00

First make your form something like the following:

<form enctype="multipart/form-data" action="uploader.php" method="POST">
Upload File:
<input name="Upload Saved Replay" type="file" accept="image/gif, image/jpeg"/><br />
Below line is the essential line.
<input type="hidden" name="MAX_FILE_SIZE" value="200000000" />
<input type="submit" value="Upload File" />
</form>

And in the php side, add the following to the top of your page:

<?
ini_set('upload_max_filesize','200M');

shashank.kuls 0 Newbie Poster · Answer 7 · 2009-04-29T14:24:41+00:00

Thanks But I've solved this issue..........
Use $_SERVER after trying to upload file. This variable returns size of uploaded file, even if upload failed

marktoyota -2 Newbie Poster · Answer 8 · 2009-04-29T14:33:03+00:00

What type of file you are uploading, Image of Video file??? have you got solution or still looking for solution.

Josh Connerty 20 Unverified User · Answer 9 · 2009-04-29T21:24:17+00:00

What type of file you are uploading, Image of Video file??? have you got solution or still looking for solution.

I am actually still having the issue I can change the settings in my ini but what I am trying to do is validate all the information about the uploaders file before they actually upload it else they spend maybe 5 minutes or so uploading the file to be told it has the wrong extension...

This is a big issue and has ground the work down to a halt.

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 10 · 2009-04-30T14:43:25+00:00

It is possible to use html to validate the file format simply by using the accept= method in the upload field. Below is an example that only accepts gif files and jpeg files:

<input name="Upload Saved Replay" type="file" accept="image/gif, image/jpeg"/>