How should I go about handling http uploads that exceeds the <code>post_max_size</code> in a sane manner? In my configuration <code>post_max_size</code> is a few MB larger than <code>upload_max_filesize</code> The problems I'm having are: If a user uploads a file exceeding <code>post_max_size</code> <ul> <li>The _POST array is empty</li> <li>The _FILES array is empty, and of course any error codes therein are not present. </li> <li>No other info what kind of form post it is is accessible through theses means.</li> </ul> Part of the problem is that the receiving script takes different actions depending on the contents of the POST. I do have access to the <code>_SERVER</code> variables and can get clues as to what happened, i.e. <code>CONTENT_TYPE</code>, <code>CONTENT_LENGTH</code> and <code>REQUEST_METHOD</code>. It does however seem very problematic to make guesses based on those contents. MEMORY_LIMIT (set to 10 times the relevant sizes) and Apaches LimitRequestBody (set to unlimited) are found to not be at fault. As it stands now I have a hard time even providing any meaningful messages to the user. Is there any way to retain some form data to get better clues as to what has gone wrong? I'm very reluctant to move away from php.

Per the PHP documentation: <blockquote> If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing the $_GET variable to the script processing the data, i.e. <form action="edit.php?processed=1">, and then checking if $_GET['processed'] is set. </blockquote> If you need the limit increased for a specific script, you can try ini_set('post-max-size', $size_needed);. I'm not sure if it can be overridden within a script, though; that limit is probably there to specifically keep you from doing what you're trying to do.

How to detect if a user uploaded a file larger than post_max

How should I go about handling http uploads that exceeds the post_max_size in a sane manner?

In my configuration post_max_size is a few MB larger than upload_max_filesize The problems I'm having are:
If a user uploads a file exceeding post_max_size

The _POST array is empty
The _FILES array is empty, and of course any error codes therein are not present.
No other info what kind of form post it is is accessible through theses means.

Part of the problem is that the receiving script takes different actions depending on the contents of the POST.

I do have access to the _SERVER variables and can get clues as to what happened, i.e. CONTENT_TYPE, CONTENT_LENGTH and REQUEST_METHOD. It does however seem very problematic to make guesses based on those contents.

MEMORY_LIMIT (set to 10 times the relevant sizes) and Apaches LimitRequestBody (set to unlimited) are found to not be at fault.

As it stands now I have a hard time even providing any meaningful messages to the user.

Is there any way to retain some form data to get better clues as to what has gone wrong? I'm very reluctant to move away from php.

What is the maximum file upload size when using the GUI?

The filesize limit for using the Load Table Utility in the GUI is actually 50MB, as is pretty clearly spelled out in this article.

What is Upload_max_filesize and Post_max_size?

upload_max_filesize is the maximum size of an uploaded file. This is the limit for a SINGLE file. post_max_size, on the other hand, is the limit of the entire body of the request (which may include multiple files as well as other stuff).

For a simple fix that would require no server side changes, I would use the HTML5 File API to check the size of the file before uploading. If it exceeds the known limit, then cancel the upload. I believe something like this would work:

function on_submit()
{
  if (document.getElementById("upload").files[0].size > 666)
  {
    alert("File is too big.");
    return false;
  }

  return true;
}

<form onsubmit="return on_submit()">
<input id="upload" type="file" />
</form>

Obviously it's just a skeleton of an example, and not every browser supports this. But it wouldn't hurt to use this, as it could be implemented in such a way that it gracefully degrades into nothing for older browsers.

Of course this doesn't solve the issue, but it will at least keep a number of your users happy with minimal effort required. (And they won't even have to wait for the upload to fail.)

--

As an aside, checking $_SERVER['CONTENT_LENGTH'] vs the size of the post and file data might help detect if something failed. I think it when there is an error it will be non zero, while the $_POST and $_FILES would both be empty.

Per the PHP documentation:

If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing the $_GET variable to the script processing the data, i.e. <form action="edit.php?processed=1">, and then checking if $_GET['processed'] is set.

If you need the limit increased for a specific script, you can try ini_set('post-max-size', $size_needed);. I'm not sure if it can be overridden within a script, though; that limit is probably there to specifically keep you from doing what you're trying to do.

How to detect if a user uploaded a file larger than post_max_size?

Tags:

php

file-upload

php-5.3

Captain Giraffe

People also ask

2 Answers

Matthew

King Skippus

Recent Activity

Donate For Us