[PHP] Re: Settings to Allow Precise File Upload Bytes
My browser is claiming it is still busy from a 1MB (1030001 bytes) upload where I was trying to find out if it is setting $_FILES['attachment'].

Thanks Maciek. It makes sense that I should be looking at $_FILES['attachment']['error'] before the size. I'm just surprised it's still hanging. I'm using jquery mobile which has extra file upload concerns (although there is no problem when the file is small enough).

The MySQL part was included so that this post could help others if they missed a setting in their LAMP/AJAX stack, but I had narrowed my specific issue down to PHP $_FILES['attachment'].

Thanks for all your help Jim.

On Fri, Jan 20, 2012 at 2:38 PM, Maciek Sokolewicz wrote:
> Answers are inside the mail
>
> On 20 January 2012 21:18, Dee Ayy wrote:
>>
>> Obviously I don't want a Flash/Gears solution.
>>
>> FYI: Your #6 should be:
>> The server uploads...
>
> No, the server downloads, the client uploads. Downloading is performed by
> the receiving end (in this case, the server), while uploading is done by the
> serving end (in this case, the client). But that's a minor thing.
>
>>
>> Even though I do not want a Flash/Gears solution, I would be happy
>> with your #8 stating:
>> I won't fail silently, I'll report the problem to the user.
>>
>> Do you know the correct settings on any applicable LAMP/AJAX stack to
>> get the error you claim is available in your step #8 and where to look
>> for this error? Is $_FILES['attachment'] supposed to be set and
>> hopefully something is in $_FILES['attachment']['error']?
>> I decided to post here instead of trying various permutations.
>>
>> MySQL max_allowed_packet was mentioned because even if you correct #8,
>> MySQL can choke on what Apache allowed through, and I included the DB
>> list.
>
> After rereading your post I noticed I had failed to read correctly. I'm
> sorry. However, I still believe that the MySQL settings are not of any
> interest here. The limitation should IMO be performed by PHP (or even
> apache). By the time it gets to MySQL, all such checks should already have
> been done. So let's ignore MySQL for now.
>
> As for PHP:
> $_FILES['attachment']['error'] should be 0 if the file is uploaded
> correctly. If it's > 0, then you should throw an error regardless of size.
> So, assuming $_FILES['attachment']['error'] == 0,
> $_FILES['attachment']['size'] will give you the exact filesize in bytes.
> Check against this number, and you should be fine.
>
> However, if the upload size was higher than php.ini's upload_max_filesize,
> $_FILES['attachment']['error'] will have the value 1 (constant:
> UPLOAD_ERR_INI_SIZE), and will not be available to handle.
>
> So, in short, with code like:
>>
>> define('CUSTOM_MAX_UPLOAD_SIZE', (10*1024*1024) ); // 10MB
>> if( isset($_FILES['attachment']) && $_FILES['attachment']['error'] <= 1 ) {
>>    if( ($_FILES['attachment']['error'] == 1) or
>>        ($_FILES['attachment']['error'] == 0 && $_FILES['attachment']['size'] > CUSTOM_MAX_UPLOAD_SIZE) ) {
>>       exit('ERROR: upload too big');
>>    } else {
>>       // process the upload, store it, etc.
>>    }
>> } else {
>>    // something went wrong while uploading
>> }
>
> You should be fine.
> Of course, you should also check that your max request body size is large
> enough in Apache, though usually it allows requests far larger than PHP
> does.
>
> Hope this helps, and sorry if I sounded rude at first,
> - Tul
>
>>
>> I never claimed I want to know the file size before upload, just that
>> some solutions may do this.
>>
>>
>> On Fri, Jan 20, 2012 at 11:50 AM, Maciek Sokolewicz wrote:
>> > Your problem here is the fact that you do not seem to grasp what is
>> > happening when a file is being uploaded, hence your question. So let me
>> > explain:
>> > 1. A user goes to your page by entering it into the browser.
>> > 2. The page is downloaded to the client, and the connection is closed.
>> > 3. The user chooses to upload a file via an HTML control (i.e. an HTML
>> > input element of type="file").
>> > 4. The user submits the form
>> > 5. The browser makes a connection to the server containing a header
>> > saying "the following data is a file".
>> > 6. The server downloads all of the data from the user
>> > 7. The server parses the data, finds the header stating that the content
>> > is a file
>> > 8. The server invokes your PHP script, which decides "whoa! wait a
>> > minute, that file is too large" and shows an error.
>> > 9. The server removes the file from memory / temporary storage
>> > 10. The server sends back the error to the client, and closes the
>> > connection.
>> >
>> > The point I am trying to make here is the fact that the server does not
>> > know the size of the file, until it has fully downloaded it, since it is
>> > not given in any way. Good browsers let the server know what size to
>> > *expect*, but even then, you can't rely on it.
>> >
>> > All checking of how large a file is has to happen clien
[PHP] Re: Settings to Allow Precise File Upload Bytes
Answers are inside the mail

On 20 January 2012 21:18, Dee Ayy wrote:
> Obviously I don't want a Flash/Gears solution.
>
> FYI: Your #6 should be:
> The server uploads...

No, the server downloads, the client uploads. Downloading is performed by the receiving end (in this case, the server), while uploading is done by the serving end (in this case, the client). But that's a minor thing.

> Even though I do not want a Flash/Gears solution, I would be happy
> with your #8 stating:
> I won't fail silently, I'll report the problem to the user.
>
> Do you know the correct settings on any applicable LAMP/AJAX stack to
> get the error you claim is available in your step #8 and where to look
> for this error? Is $_FILES['attachment'] supposed to be set and
> hopefully something is in $_FILES['attachment']['error']?
> I decided to post here instead of trying various permutations.
>
> MySQL max_allowed_packet was mentioned because even if you correct #8,
> MySQL can choke on what Apache allowed through, and I included the DB
> list.

After rereading your post I noticed I had failed to read correctly. I'm sorry. However, I still believe that the MySQL settings are not of any interest here. The limitation should IMO be performed by PHP (or even apache). By the time it gets to MySQL, all such checks should already have been done. So let's ignore MySQL for now.

As for PHP:
$_FILES['attachment']['error'] should be 0 if the file is uploaded correctly. If it's > 0, then you should throw an error regardless of size. So, assuming $_FILES['attachment']['error'] == 0, $_FILES['attachment']['size'] will give you the exact filesize in bytes. Check against this number, and you should be fine.

However, if the upload size was higher than php.ini's upload_max_filesize, $_FILES['attachment']['error'] will have the value 1 (constant: UPLOAD_ERR_INI_SIZE), and will not be available to handle.

So, in short, with code like:
> define('CUSTOM_MAX_UPLOAD_SIZE', (10*1024*1024) ); // 10MB
> if( isset($_FILES['attachment']) && $_FILES['attachment']['error'] <= 1 ) {
>    if( ($_FILES['attachment']['error'] == 1) or
>        ($_FILES['attachment']['error'] == 0 && $_FILES['attachment']['size'] > CUSTOM_MAX_UPLOAD_SIZE) ) {
>       exit('ERROR: upload too big');
>    } else {
>       // process the upload, store it, etc.
>    }
> } else {
>    // something went wrong while uploading
> }

You should be fine.
Of course, you should also check that your max request body size is large enough in Apache, though usually it allows requests far larger than PHP does.

Hope this helps, and sorry if I sounded rude at first,
- Tul

> I never claimed I want to know the file size before upload, just that
> some solutions may do this.
>
>
> On Fri, Jan 20, 2012 at 11:50 AM, Maciek Sokolewicz wrote:
> > Your problem here is the fact that you do not seem to grasp what is
> > happening when a file is being uploaded, hence your question. So let me
> > explain:
> > 1. A user goes to your page by entering it into the browser.
> > 2. The page is downloaded to the client, and the connection is closed.
> > 3. The user chooses to upload a file via an HTML control (i.e. an HTML
> > input element of type="file").
> > 4. The user submits the form
> > 5. The browser makes a connection to the server containing a header
> > saying "the following data is a file".
> > 6. The server downloads all of the data from the user
> > 7. The server parses the data, finds the header stating that the content
> > is a file
> > 8. The server invokes your PHP script, which decides "whoa! wait a
> > minute, that file is too large" and shows an error.
> > 9. The server removes the file from memory / temporary storage
> > 10. The server sends back the error to the client, and closes the
> > connection.
> >
> > The point I am trying to make here is the fact that the server does not
> > know the size of the file, until it has fully downloaded it, since it is
> > not given in any way. Good browsers let the server know what size to
> > *expect*, but even then, you can't rely on it.
> >
> > All checking of how large a file is has to happen client-side. Due to
> > security reasons, languages such as javascript are not allowed to view
> > any details about files on your disk, and thus can't be used to determine
> > the filesize before sending anything to the server.
> >
> > The reason flash and gears can do this, is because these are designed
> > differently and actually form a separate program inside your browser,
> > which is not limited in its activity, as javascript (and vbscript in IE)
> > are.
> >
> > So... you can use Flash and Gears to prevent upload of a too large file
> > to your server. But not plain HTML and/or javascript. Since the server
> > does not check the size until AFTER it has fully downloaded the file,
> > there is no setting in Apache, PHP, MySQL (which has absolutely nothing
> > to do with uploading at all), etc. Which are all server-side and ran after
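
The error-code check from the message above, extended as an added example (not code from the thread or its authors) to give every "too big" cause its own result, including a body over post_max_size, where PHP leaves both $_POST and $_FILES empty and only CONTENT_LENGTH shows that an upload was attempted. classify_upload(), sample(), MAX_ATTACHMENT_BYTES and the sample requests are hypothetical names and constructed values.

```php
<?php
// Added example; classify_upload() and MAX_ATTACHMENT_BYTES are hypothetical names.
const MAX_ATTACHMENT_BYTES = 1048576; // accept exactly this many bytes, reject one more

/**
 * Classify one upload attempt from the request superglobals so that every
 * failure has a reportable reason instead of a silent FALSE.
 */
function classify_upload(array $server, array $post, array $files, string $field, int $maxBytes): string
{
    $isPost = ($server['REQUEST_METHOD'] ?? '') === 'POST';
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);

    // A body over post_max_size is discarded by PHP: $_POST and $_FILES are
    // both empty, so CONTENT_LENGTH is the only sign anything was sent.
    if ($isPost && $length > 0 && !$post && !$files) {
        return 'too_big:post_max_size';
    }
    if (!isset($files[$field])) {
        return 'no_upload';
    }
    $file = $files[$field];
    // name="attachment[]" produces arrays here; a single-file handler refuses them.
    if (!is_array($file) || !is_int($file['error'] ?? null)) {
        return 'malformed';
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK:        break;
        case UPLOAD_ERR_INI_SIZE:  return 'too_big:upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'too_big:MAX_FILE_SIZE';
        case UPLOAD_ERR_NO_FILE:   return 'no_upload';
        default:                   return 'failed:error_' . $file['error'];
    }
    // 'size' is measured by PHP on the received bytes, not taken from the client.
    if ($file['size'] > $maxBytes) {
        return 'too_big:application_limit';
    }
    // In a live handler, also require is_uploaded_file($file['tmp_name'])
    // before move_uploaded_file(); omitted so the samples below run offline.
    return 'ok';
}

// Build a constructed $_FILES array for the 'attachment' field.
function sample(int $error, int $size): array
{
    return ['attachment' => [
        'name' => 'a.bin', 'type' => 'application/octet-stream',
        'tmp_name' => $error === UPLOAD_ERR_OK ? '/tmp/phpXXXXXX' : '',
        'error' => $error, 'size' => $size,
    ]];
}

// Constructed sample requests (not captured traffic): [$_SERVER, $_POST, $_FILES].
$srv  = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '1049000'];
$form = ['MAX_FILE_SIZE' => '2097152'];
$samples = [
    'exactly at limit'         => [$srv, $form, sample(UPLOAD_ERR_OK, 1048576)],
    'one byte over'            => [$srv, $form, sample(UPLOAD_ERR_OK, 1048577)],
    'over upload_max_filesize' => [$srv, $form, sample(UPLOAD_ERR_INI_SIZE, 0)],
    'over post_max_size'       => [['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '9000000'], [], []],
    'form sent without a file' => [$srv, $form, sample(UPLOAD_ERR_NO_FILE, 0)],
];
foreach ($samples as $label => [$server, $post, $files]) {
    printf("%-26s %s\n", $label, classify_upload($server, $post, $files, 'attachment', MAX_ATTACHMENT_BYTES));
}
```

In a real handler the three arguments are $_SERVER, $_POST and $_FILES, and any result other than 'ok' is sent back to the client as the error message.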
Re: [PHP] Re: Settings to Allow Precise File Upload Bytes
On 01/20/2012 12:18 PM, Dee Ayy wrote:
> Obviously I don't want a Flash/Gears solution.
>
> FYI: Your #6 should be:
> The server uploads...

Actually, from the perspective that he described it, his phrasing would be correct. The server is actually receiving from the client the data. This data is being downloaded from the client by the server.

> Even though I do not want a Flash/Gears solution, I would be happy
> with your #8 stating:
> I won't fail silently, I'll report the problem to the user.

This all depends on your programming that report process. ie: check the file size and spit out an error instead of continuing.

> Do you know the correct settings on any applicable LAMP/AJAX stack to
> get the error you claim is available in your step #8 and where to look
> for this error? Is $_FILES['attachment'] supposed to be set and
> hopefully something is in $_FILES['attachment']['error']?
> I decided to post here instead of trying various permutations.

LAMP/AJAX has nothing to do with this issue. He said "The server invokes your PHP script". Therefore it is up to you to generate that error. You need to examine the filesize yourself and stop things at this point if you want this error to be created.

> MySQL max_allowed_packet was mentioned because even if you correct #8,
> MySQL can choke on what Apache allowed through, and I included the DB
> list.

Write your PHP script correctly and mysql will never be in the picture.

> I never claimed I want to know the file size before upload, just that
> some solutions may do this.
>
> On Fri, Jan 20, 2012 at 11:50 AM, Maciek Sokolewicz wrote:
>> Your problem here is the fact that you do not seem to grasp what is
>> happening when a file is being uploaded, hence your question. So let me
>> explain:
>> 1. A user goes to your page by entering it into the browser.
>> 2. The page is downloaded to the client, and the connection is closed.
>> 3. The user chooses to upload a file via an HTML control (i.e. an HTML
>> input element of type="file").
>> 4. The user submits the form
>> 5. The browser makes a connection to the server containing a header
>> saying "the following data is a file".
>> 6. The server downloads all of the data from the user
>> 7. The server parses the data, finds the header stating that the content
>> is a file
>> 8. The server invokes your PHP script, which decides "whoa! wait a
>> minute, that file is too large" and shows an error.
>> 9. The server removes the file from memory / temporary storage
>> 10. The server sends back the error to the client, and closes the
>> connection.
>>
>> The point I am trying to make here is the fact that the server does not
>> know the size of the file, until it has fully downloaded it, since it is
>> not given in any way. Good browsers let the server know what size to
>> *expect*, but even then, you can't rely on it.
>>
>> All checking of how large a file is has to happen client-side. Due to
>> security reasons, languages such as javascript are not allowed to view
>> any details about files on your disk, and thus can't be used to determine
>> the filesize before sending anything to the server.
>>
>> The reason flash and gears can do this, is because these are designed
>> differently and actually form a separate program inside your browser,
>> which is not limited in its activity, as javascript (and vbscript in IE)
>> are.
>>
>> So... you can use Flash and Gears to prevent upload of a too large file
>> to your server. But not plain HTML and/or javascript. Since the server
>> does not check the size until AFTER it has fully downloaded the file,
>> there is no setting in Apache, PHP, MySQL (which has absolutely nothing
>> to do with uploading at all), etc. Which are all server-side and ran
>> after the upload has finished.
>>
>> In other words: use the Flash/Gears solution, or just decide you don't
>> mind if a large file is uploaded. In the last case you can always reject
>> the file afterwards.
>>
>> - Tul
>>
>> On 20-01-2012 18:15, Dee Ayy wrote:
>>> Please advise the proper settings (Apache/PHP/HTML/MySQL/Anything else
>>> I missed) to allow a specific byte size upload and to deny 1 byte over
>>> with error reporting in LAMP/AJAX. I've heard of Flash and Gears
>>> solutions, but these require additional installs for the user -- just
>>> to know the file size before an upload.
>>>
>>> The server is Apache 2.
>>> PHP is 5.1.6
>>> HTML has
>>>
>>> PHP ini :
>>> file_uploads On On
>>> upload_max_filesize 2M 2M
>>> post_max_size 8M 8M
>>>
>>> I believe MySQL max_allowed_packet 1,048,576 was affecting the MySQL
>>> INSERT, so I changed MAX_FILE_SIZE to 103 above.
>>>
>>> Now I am seeing cases where
>>> if(isset($_FILES['attachment'])&&$_FILES['attachment']['size']>0){
>>>
>>> evaluates to FALSE
>>>
>>> How can I know that a file upload was attempted yet failed or will fail?
>>>
>>> My last test case had the web page still claiming it was busy, yet I
>>> noticed that the above condition must have evaluated to FALSE, failing
>>> silently due to missing error reporting on my part (or the system's
>>> part).
>>>
>>> I am willing to make 2 requests:
>>> 1) just to find out if the attempted upload will fail and inform the user.
>>> 2) for the ac
[PHP] Re: Settings to Allow Precise File Upload Bytes
Obviously I don't want a Flash/Gears solution.

FYI: Your #6 should be:
The server uploads...

Even though I do not want a Flash/Gears solution, I would be happy with your #8 stating:
I won't fail silently, I'll report the problem to the user.

Do you know the correct settings on any applicable LAMP/AJAX stack to get the error you claim is available in your step #8 and where to look for this error? Is $_FILES['attachment'] supposed to be set and hopefully something is in $_FILES['attachment']['error']?
I decided to post here instead of trying various permutations.

MySQL max_allowed_packet was mentioned because even if you correct #8, MySQL can choke on what Apache allowed through, and I included the DB list.

I never claimed I want to know the file size before upload, just that some solutions may do this.

On Fri, Jan 20, 2012 at 11:50 AM, Maciek Sokolewicz wrote:
> Your problem here is the fact that you do not seem to grasp what is
> happening when a file is being uploaded, hence your question. So let me
> explain:
> 1. A user goes to your page by entering it into the browser.
> 2. The page is downloaded to the client, and the connection is closed.
> 3. The user chooses to upload a file via an HTML control (i.e. an HTML input
> element of type="file").
> 4. The user submits the form
> 5. The browser makes a connection to the server containing a header saying
> "the following data is a file".
> 6. The server downloads all of the data from the user
> 7. The server parses the data, finds the header stating that the content is
> a file
> 8. The server invokes your PHP script, which decides "whoa! wait a minute,
> that file is too large" and shows an error.
> 9. The server removes the file from memory / temporary storage
> 10. The server sends back the error to the client, and closes the
> connection.
>
> The point I am trying to make here is the fact that the server does not know
> the size of the file, until it has fully downloaded it, since it is not
> given in any way. Good browsers let the server know what size to *expect*,
> but even then, you can't rely on it.
>
> All checking of how large a file is has to happen client-side. Due to
> security reasons, languages such as javascript are not allowed to view any
> details about files on your disk, and thus can't be used to determine the
> filesize before sending anything to the server.
>
> The reason flash and gears can do this, is because these are designed
> differently and actually form a separate program inside your browser, which
> is not limited in its activity, as javascript (and vbscript in IE) are.
>
> So... you can use Flash and Gears to prevent upload of a too large file to
> your server. But not plain HTML and/or javascript. Since the server does not
> check the size until AFTER it has fully downloaded the file, there is no
> setting in Apache, PHP, MySQL (which has absolutely nothing to do with
> uploading at all), etc. Which are all server-side and ran after the upload
> has finished.
>
> In other words: use the Flash/Gears solution, or just decide you don't mind
> if a large file is uploaded. In the last case you can always reject the file
> afterwards.
>
> - Tul
>
>
> On 20-01-2012 18:15, Dee Ayy wrote:
>>
>> Please advise the proper settings (Apache/PHP/HTML/MySQL/Anything else
>> I missed) to allow a specific byte size upload and to deny 1 byte over
>> with error reporting in LAMP/AJAX. I've heard of Flash and Gears
>> solutions, but these require additional installs for the user -- just
>> to know the file size before an upload.
>>
>> The server is Apache 2.
>> PHP is 5.1.6
>> HTML has
>>
>> PHP ini :
>> file_uploads On On
>> upload_max_filesize 2M 2M
>> post_max_size 8M 8M
>>
>> I believe MySQL max_allowed_packet 1,048,576 was affecting the MySQL
>> INSERT, so I changed MAX_FILE_SIZE to 103 above.
>>
>> Now I am seeing cases where
>> if(isset($_FILES['attachment'])&& $_FILES['attachment']['size']> 0){
>>
>> evaluates to FALSE
>>
>> How can I know that a file upload was attempted yet failed or will fail?
>>
>> My last test case had the web page still claiming it was busy, yet I
>> noticed that the above condition must have evaluated to FALSE, failing
>> silently due to missing error reporting on my part (or the system's
>> part).
>>
>> I am willing to make 2 requests:
>> 1) just to find out if the attempted upload will fail and inform the user.
>> 2) for the actual upload if it should succeed.
>>
>>
>> TIA

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Settings to Allow Precise File Upload Bytes
Your problem here is the fact that you do not seem to grasp what is happening when a file is being uploaded, hence your question. So let me explain:

1. A user goes to your page by entering it into the browser.
2. The page is downloaded to the client, and the connection is closed.
3. The user chooses to upload a file via an HTML control (i.e. an HTML input element of type="file").
4. The user submits the form
5. The browser makes a connection to the server containing a header saying "the following data is a file".
6. The server downloads all of the data from the user
7. The server parses the data, finds the header stating that the content is a file
8. The server invokes your PHP script, which decides "whoa! wait a minute, that file is too large" and shows an error.
9. The server removes the file from memory / temporary storage
10. The server sends back the error to the client, and closes the connection.

The point I am trying to make here is the fact that the server does not know the size of the file, until it has fully downloaded it, since it is not given in any way. Good browsers let the server know what size to *expect*, but even then, you can't rely on it.

All checking of how large a file is has to happen client-side. Due to security reasons, languages such as javascript are not allowed to view any details about files on your disk, and thus can't be used to determine the filesize before sending anything to the server.

The reason flash and gears can do this, is because these are designed differently and actually form a separate program inside your browser, which is not limited in its activity, as javascript (and vbscript in IE) are.

So... you can use Flash and Gears to prevent upload of a too large file to your server. But not plain HTML and/or javascript. Since the server does not check the size until AFTER it has fully downloaded the file, there is no setting in Apache, PHP, MySQL (which has absolutely nothing to do with uploading at all), etc. Which are all server-side and ran after the upload has finished.

In other words: use the Flash/Gears solution, or just decide you don't mind if a large file is uploaded. In the last case you can always reject the file afterwards.

- Tul

On 20-01-2012 18:15, Dee Ayy wrote:
> Please advise the proper settings (Apache/PHP/HTML/MySQL/Anything else
> I missed) to allow a specific byte size upload and to deny 1 byte over
> with error reporting in LAMP/AJAX. I've heard of Flash and Gears
> solutions, but these require additional installs for the user -- just
> to know the file size before an upload.
>
> The server is Apache 2.
> PHP is 5.1.6
> HTML has
>
> PHP ini :
> file_uploads On On
> upload_max_filesize 2M 2M
> post_max_size 8M 8M
>
> I believe MySQL max_allowed_packet 1,048,576 was affecting the MySQL
> INSERT, so I changed MAX_FILE_SIZE to 103 above.
>
> Now I am seeing cases where
> if(isset($_FILES['attachment'])&& $_FILES['attachment']['size']> 0){
>
> evaluates to FALSE
>
> How can I know that a file upload was attempted yet failed or will fail?
>
> My last test case had the web page still claiming it was busy, yet I
> noticed that the above condition must have evaluated to FALSE, failing
> silently due to missing error reporting on my part (or the system's
> part).
>
> I am willing to make 2 requests:
> 1) just to find out if the attempted upload will fail and inform the user.
> 2) for the actual upload if it should succeed.
>
> TIA