
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/6327965/

Time: 2020-08-26 00:02:28  Source: igfitidea

HTML Upload MAX_FILE_SIZE does not appear to work

Tags: php, html, file-upload

Asked by JM at Work

I am wondering how is the hidden field named MAX_FILE_SIZE supposed to work?

<form action="" method="post" enctype="multipart/form-data">
    <!-- in bytes; must precede file field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="2097152" /> 
    <input type="file" name="upload" />

    <input type="submit" name="submit" value="Submit" />
</form>

I uploaded a 4MB+ file but I got no warning from client side (I am not talking about server side). What is MAX_FILE_SIZE supposed to do?

UPDATE

OK so it's for PHP to impose a "soft" limit. But is there any difference between using it and checking something like $_FILES['upload']['size'] < 2000 in code?

Answer by Shef

MAX_FILE_SIZE is in KB not bytes. You were right, it is in bytes. So, for a limit of 4MB convert 4MB in bytes {1024 * (1024 * 4)} try:

<input type="hidden" name="MAX_FILE_SIZE" value="4194304" /> 


Update 1


As explained by others, you will never get a warning for this. It's there just to impose a soft limit on server side.


Update 2


To answer your sub-question. Yes, there is a difference, you NEVER trust the user input. If you want to always impose a limit, you always must check its size. Don't trust what MAX_FILE_SIZE does, because it can be changed by a user. So, yes, you should check to make sure it's always up to or above the size you want it to be.

The difference is that if you have imposed a MAX_FILE_SIZE of 2MB and the user tries to upload a 4MB file, once they reach roughly the first 2MB of upload, the transfer will terminate and the PHP will stop accepting more data for that file. It will report the error on the files array.

Answer by Roei Bahumi

Before I start, please let me emphasize that the size of the file must be checked on the server side. If not checked on server side, malicious users can override your client side limits, and upload huge files to your server. DO NOT TRUST THE USERS.


I played a bit with PHP's MAX_FILE_SIZE, it seemed to work only after the file was uploaded, which makes it irrelevant (again, malicious user can override it quite easily).


The JavaScript code below (tested in Firefox and Chrome), based on Matthew's post, will warn the user (the good, innocent one) a priori to uploading a large file, saving both traffic and the user's time:

<form method="post" enctype="multipart/form-data"
      onsubmit="return checkSize(2097152)">
    <!-- name is required for the browser to include the file in the request -->
    <input type="file" id="upload" name="upload" />
    <input type="submit" />

    <script type="text/javascript">
    // Client-side convenience check only; the server must still enforce the limit.
    function checkSize(max_img_size)
    {
        var input = document.getElementById("upload");
        // check for browser support (may need to be modified)
        if (input.files && input.files.length == 1)
        {
            if (input.files[0].size > max_img_size)
            {
                alert("The file must be less than " + (max_img_size/1024/1024) + "MB");
                return false;
            }
        }

        return true;
    }
    </script>
</form>

Answer by Nandakishore

To anyone who had been wonderstruck about some files being easily uploaded and some not, it could be a size issue. I'm sharing this as I was stuck with my PHP code not uploading large files and I kept assuming it wasn't uploading any Excel files. So, if you are using PHP and you want to increase the file upload limit, go to the php.ini file and make the following modifications:


  • upload_max_filesize = 2M

to be changed to


  • upload_max_filesize = 10M
  • post_max_size = 10M

or the size required. Then restart the Apache server and the upload will start magically working. Hope this will be of help to someone.


Answer by Álvaro González

Actually, it doesn't really work. You can find an explanation in one of the comments in the manual page: http://www.php.net/manual/en/features.file-upload.php#74692


Answer to updated question: the obvious difference is that server-side checks are reliable, client-side checks are not.


Answer by SandroMarques

PHP.net explanation about MAX_FILE_SIZE hidden field.


The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too large and the transfer failed. Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application. The PHP settings (on the server side) for maximum-size, however, cannot be fooled.


http://php.net/manual/en/features.file-upload.post-method.php


Answer by Guffa

It's only supposed to send the information to the server. The reason that it must precede the file field is that it has to come before the file payload in the request for the server to be able to use it to check the size of the upload.

How the value is used on the server depends on what you use to take care of the upload. The code is supposedly intended for a specific upload component that specifically looks for that value.


It seems that the built-in upload support in PHP is one to use this field value.

Answer by Hamid Sarfraz

There IS A POINT in introducing MAX_FILE_SIZE client side hidden form field.


php.ini can limit uploaded file size. So, while your script honors the limit imposed by php.ini, different HTML forms can further limit an uploaded file size. So, when uploading video, form may limit* maximum size to 10MB, and while uploading photos, forms may put a limit of just 1mb. And at the same time, the maximum limit can be set in php.ini to suppose 10mb to allow all this.


Although this is not a fool proof way of telling the server what to do, yet it can be helpful.


* HTML doesn't limit anything. It just forwards the server all form variables including MAX_FILE_SIZE and its value.

Hope it helped someone.

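Added example, not part of any answer above: one way to enforce the limit on the server, as Shef's Update 2 and Hamid Sarfraz's per-form limits call for. The constants, the `check_upload` function and the 400 response are assumptions for illustration; the field name `upload` is taken from the question's form.

```php
<?php
declare(strict_types=1);

// Hypothetical per-form limits in bytes, defined on the server. The form's
// MAX_FILE_SIZE field is never read here because the client controls it.
const PHOTO_MAX_BYTES = 1 * 1024 * 1024;
const VIDEO_MAX_BYTES = 10 * 1024 * 1024;

// Validate one $_FILES entry; returns null if acceptable, else a reason.
function check_upload(?array $file, int $maxBytes): ?string
{
    // A request body larger than post_max_size leaves $_POST and $_FILES
    // empty, so a missing entry is a failure, not "nothing was uploaded".
    if ($file === null || !isset($file['error']) || is_array($file['error'])) {
        return 'no usable upload received (request may exceed post_max_size)';
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:   // over upload_max_filesize in php.ini
        case UPLOAD_ERR_FORM_SIZE:  // over the MAX_FILE_SIZE sent with the form
            return 'file too large';
        case UPLOAD_ERR_NO_FILE:
            return 'no file selected';
        default:
            return 'upload failed with code ' . $file['error'];
    }
    // Confirm the temp file came from PHP's upload handling, then measure
    // the bytes on disk against the limit this endpoint defines.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    $bytes = filesize($file['tmp_name']);
    if ($bytes === false || $bytes > $maxBytes) {
        return 'file too large';
    }
    return null;
}

// Photo endpoint: the limit is fixed in code, not taken from the request.
// A video endpoint would pass VIDEO_MAX_BYTES instead.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $error = check_upload($_FILES['upload'] ?? null, PHOTO_MAX_BYTES);
    http_response_code($error === null ? 200 : 400);
    echo $error ?? 'upload accepted';
}
```

The php.ini values upload_max_filesize and post_max_size must be at least as large as the biggest per-form limit, otherwise PHP rejects the upload before this check runs.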