From: [EMAIL PROTECTED] Operating system: independency PHP version: 4.3.0RC1 PHP Bug Type: Documentation problem Bug description: description of MAX_FILE_SIZE should be clear
[quote from php manual mian>>feature>>handling file uploads] The MAX_FILE_SIZE hidden field must precede the file input field and its value is the maximum filesize accepted. The value is in bytes. [warnning] warning: The MAX_FILE_SIZE is advisory to the browser. It is easy to circumvent this maximum. So don't count on it that the browser obeys you wish! The PHP-settings for maximum-size, however, cannot be fooled. [/warnning] [/quote] it doesn't tell how php check the size 1 year ago I 1st time read it, and re-read it today, finally get what it means document should tell more to programmers: ---------- 1. user's file size is checked at the beginning of transfer before upload is done 2. hard limit: file size is check against "PHP-settings for maximum-size", file which larger will be refused 3. then, soft limit: check against "MAX_FILE_SIZE" if there is one hidden value before input file field 4. when transfer done, php-script is active, manage to store the uploaded-file, however, value of MAX_FILE_SIZE easy to circumvent, and cannot be trust on, your php-script should re-check the uploaded file size as u wish. FAQ: u said MAX_FILE_SIZE is untrustable, why we should make use of it? why not use only php-script to check filesize? answer: in current php, handling of upload file, scirpt is not active, thus, cannot check filesize until transfer of upload file is done. MAX_FILE_SIZE get ability to soft limit the filesize before user have to wait too long. ---------- this is what i comprehend :) yes, it's too long, hope u guys can refine it, and put into new version of phpmanual -- Edit bug report at http://bugs.php.net/?id=20570&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=20570&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=20570&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=20570&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=20570&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=20570&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=20570&r=support Expected behavior: http://bugs.php.net/fix.php?id=20570&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=20570&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=20570&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=20570&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20570&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=20570&r=dst IIS Stability: http://bugs.php.net/fix.php?id=20570&r=isapi -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php