MAX_FILE_SIZE for HTML forms

Never heard of it and there is no such thing in html.

Never heard of it and there is no such thing in html.

It is recommended that we include this inside forms containing file uploads.

<input type="hidden" name="MAX_FILE_SIZE" value="512000" />

This limits the size of file that can be uploaded. I mostly use php, and it gives an error if the uploaded file exceeds this value. It must be similar in other scripting languages.

This limits the size of file that can be uploaded.

It does not. "name" is a name you assign to the input element and nothing else. I googled around and it seems it might be a common name used in PHP for such things but the form's "action" calls a PHP script where, I assume, that name is used to monitor the file size. In any case, HTML and the browser does absolutely nothing with the name except transmit it to the server inside the form.

i think this is what he wants
edit that in the php.ini file

i think this is php question more than an HTML...

Hi. I do not know how but MAX_FILE_SIZE really works. I've just tried it in my form in which PHP handles file uploads. After submitting a form which contains file, which size exceeds MAX_FILE_SIZE value, PHP $_FILES array doesn't comprise any file.

Could anyone tell me how it works?

This has nothing to do with HTML. Go ask on the PHP board. There is no such thing in HTML.

@drhowarddrfine
I agree with that.

MAX_FILE_SIZE is submitted via HTML but is used by PHP.

Its not a html tag, its an form input tag with the name of "MAX_FILE_SIZE".

PHP uses that variable to limit the file upload if its bigger than said amount.

Sources:
http://us3.php.net/manual/en/feature...oad.errors.php
http://www.developershome.com/wap/wa....asp?page=php3

** Edit **
Offensive comments removed.

as it was already stated it is not a HTML-question that belongs to this HTML-forum and therefor it was already suggested to post in the PHP-forum ... and i even wouldn't use that at all since it is just very simple to hack ... and the server has to double-check the uploaded file again to ensure the allowed filesize anyway. so i cannot imagine where this usage would be 'suggested'? ...

I stand by everything I said before, including the information posted. I may be a 'jackass' and a 'douche' but at least I'm not stupid and uninformed.

@ma7erick
As I welcome you to Bytes, I would like to point you in the general direction of posting in forums (here specifically but generally too).

When you have a question it is not appreciated (It is specifically against our rules) that you post it within an existing thread. This is called Thread Hijacking and will tend to upset the current participants.

Furthermore, it is good policy if you can, to post your new thread in the relevant forum.

I can see you're new at this so I'm not about to throw any infractions at you, but please try to remember this for future usage of the forums.

I think it's probably clear by now that you need the PHP forum for this particular question. Good luck.

Administrator.

I know this is late after the thread has basically died but after finding this listing from a google search i thought i better mention it.

It does look as though this is some sort of HTML tag.

I have done a simple test using the following code, this code has the MAX_FILE_SIZE within it as a HTML tag, there is no php code on this page.

-----FILE UPLOAD CODE-----
--------------------------

Here is my PHP code, note how there is NO reference to MAX_FILE_SIZE at all.

-----PHP FILE ACCEPT CODE-----
The argument MAX_FILE_SIZE is never referenced by any of my PHP code and i do no checks on the file size, yet if i upload a file over 100K it fails........

It is as though the form from HTML is not passing the file names / form arguments through to the php file.

I just had to post this in case anyone else finds this thread in google and wants some more information like i did.

Because THERE IS NO SUCH THING AS MAX_FILE_SIZE IN HTML. Here is the list of ALL html elements and a link at the top for ALL HTML attributes as published by the W3C.

Any further comments remotely implying that there is such a thing in the HTML spec is pure poppycock.

Ah, so it's a magical item that doesn't exist but works exactly as expected?

could it be built into the browser?

see this comment in the PHP manual.

I'm just reviewing this thread, and I'm a bit inexperienced in both of these areas. Can I ask, does what is being said indicate that essentially the MAX_FILE_SIZE is a PHP setting and not related to HTML at all?

It’s a bit of a two-edged sword, on the one hand side, there is no relation to a HTML spec (the "max_file_size" is only the name of a form field). on the other hand side, there is no note in the PHP manual (not in the official part that I know of), that a php.ini setting (runtime configuration) can be applied by sending an appropriate $_REQUEST entry (esp. since "max_file_size" is not even a PHP directive, that would be "post_max_size" or "upload_max_size").

<input type="hidden" name="MAX_FILE_SIZE" value="100000" />

This does client-side checks to make sure the file was within acceptable limits, but it does NOT actually prevent the user from uploading a file of that size, they can simply remove that line using a real-time HTML editor or something like "Developer Tools" in IE8.

It's always recommended that you have both client-side AND server-side confirmation of files when uploading. I wish I still had an example that I'd written years ago, but sadly I think I either deleted it or moved it somewhere I don't remember.

Still, you're definately going to want server-side confirmation of the uploaded files. Check to make sure they're the right type (sometimes the mimetype can be spoofed by simply changing the file extension, so you'll need to be 100% positive you can confirm this particular file,) the right size, etc. Client-side scripting is just too prone to modifications by...well, the client. Use them, don't ever rely on them.

I came to this forum looking for answers on MAX_FILE_SIZE.

Let me express, first, my impressions on the subject.

Agreed, it is not an HTML misterious tag; it is a PHP feature. It can be editted, as all client side info, agreed too, but that's irrelevant because it is not meant as a security meassure at all. By adding an element named MAX_FILE_SIZE to an HTML form, PHP knows in advance which is the maximum size of an uploaded file, thus catching the error BEFORE attempting to upload the file, saving the user a long wasted time. The value is expressed in bytes (an integer) and should be equal or a little lower than PHP's directive upload_max_filesize.

** Edit **
Removed argumentative content. Please read the rules before posting again.

Let me first congratulate you on putting your points forward clearly and concisely. I understood your purport with almost no previous understanding of the main concepts.

That said, please don't use these forums as somewhere to criticise other members. That is against our rules for reasons I would have expected were pretty obvious.

My bad, missplaced.

No harm. No foul.

Welcome to Bytes Diego.

Here's a quote from php.net.

"The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too large and the transfer failed. Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application. The PHP settings (on the server side) for maximum-size, however, cannot be fooled."

The quote can be found here. Hope this will bring to understanding.