Hello,
I want to upload files via an HTML form and store them somewhere on my
webspace. So far so good. I am just a bit concerned about security issues
and traffic. My provider has set a file size limit of 20MB in php.ini. My
questions are:
1) If some evil web terrorist tries to upload a file which is larger than
the maximum allowed by the setting in php.ini - will the transfer be
cancelled by the server when the limit is reached so that there will not be
unnecessary traffic or will the whole file still be transmitted to the
server?
2) If the transfer is cancelled, is there a way for me to limit the maximum
upload file size to *less* than what my provider specifies - serverside?
3) How can I prevent evil people from uploading file after file (using some
automated process) and thus filling up my webspace and using up my monthly
traffic volume?
Thanks and greetings,
Thomas
P.S.: Does this NG have a FAQ?
--
Jul 16 '05
11 6436
I've just tried out different settings for post_max_size and
upload_max_file size in php.ini. As was to be expected, the post_max_size
prevails, and if my file is bigger than that, the corresponding
$_FILES['myfile'] does not exist. So it actually makes no sense to make
upload_max_file size bigger than post_max_size - still, this seems to be the
default setting...? Well, ini_set() is not just for setting this one option. It certainly works
It doens't have all the values there though, so if they allowed that value to be changed then it must do something. I now think that it must take affect on the calling page if anything.
So I have something else to try out tomorrow... fine with other things, only in this special case it is not very helpful. But as PHP is running as a CGI with my provider, doesn't this mean I have my very own "environmen t" all to myself, so theoretically I should be allowed to modify "my" php.ini somehow? What actually is the difference between those local and master values that phpinfo() reports?
To be honest i've never seen a difference between the Local and Master values on any server yet. I don't think its to do with CGI though - thats just a different way to get PHP to work, but it is usually a master thing for the whole server, not separate for individual folders or whatever. Unless they've given you access via something other than FTP or web based uploads though, theres no way you'd ever see PHP.ini anyway. Ask your ISP though, see what they say - probably won't be very helpful, but just sending a quick e-mail can't hurt, and could maybe be useful if you get someone who knows something to respond.
"If", yes, indeed. Still, I will try.
Greetings, Thomas
> I've just tried out different settings for post_max_size and upload_max_file size in php.ini. As was to be expected, the post_max_size prevails, and if my file is bigger than that, the corresponding $_FILES['myfile'] does not exist. So it actually makes no sense to make upload_max_file size bigger than post_max_size - still, this seems to be
the default setting...?
Possibly if someone uploads by some method other than POST - not GET cos
that isn't big enough, so not sure what's left... Maybe something, but
doesn't matter.
You're getting closer to an answer anyway - just got to make sure it takes
affect on the right page now, which should be easy to try.
David This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Tihon |
last post by:
Hello!
I again need your help, just can't understand whats going on.
Got this upload pictures form and it's having problem handling large
files (~1.5 - 2 MB).
Everything works fine if i just upload files, like this:
copy ($myfile, $uploadfolder . "/" . $myfile_name);
Everything works fine, it can process large files and everything,
but i need to make sure that people only upload pictures, so i change
|
by: Simon |
last post by:
I would like to create a very basic file upload add image form to add
to my web site and to keep them in a "tmp" directory within my web
hosting file manager once uploaded.
I understand the basic html for the form and the basic php scripting
but the fine details ie method post etc needs help also at this stage
I dont want to involve mysql data base. were should I start.
|
by: matt |
last post by:
I have compiled some code, some written by me, some compiled from
various sources online, and basically i've got a very simple flat file
photo gallery. An upload form, to upload the photos and give them a
caption, storing the caption and filename in a text file. It's a bit
buggy when removing the photos and captions from the file, and also in
displaying them on the delete page. you can see it in action at
www.4am.com.au/gallery/upload.php...
|
by: Sky Sigal |
last post by:
I have created an IHttpHandler that waits for uploads as attachments for a
webmail interface, and saves it to a directory that is defined in
config.xml.
My question is the following:
assuming that this is suppossed to end up as a component for others to use,
and therefore I do NOT have access to their global.cs::Session_End()
how do I cleanup files that were uploaded -- but obviously left stranded
when the users aborted/gave up writting...
|
by: mark |
last post by:
How do I detect that a particular form element is a file upload or if
the file upload has worked?
In the Python cgi module documentation I found suggested code...
form = cgi.FieldStorage()
fileitem = form
if fileitem.file:
# It's an uploaded file; count lines
| |
by: pbd22 |
last post by:
hi.
i am having probs understanding how to grab a file being uploaded from
a remote client. i am using hidden input fields for upload such as:
<input id="my_file_element" type="file" name="file_1" size=46 /><input
type=submit />
so, after adding a few files, the input fields look like this:
|
by: hotflash |
last post by:
Hi All,
I found the best pure ASP code to upload a file to either server and/or MS Access Database. It works fine for me however, there is one thing that I don't like and have tried to fix but don't have any luck is to do a form validation. This script requires the files: db-file-to-disk.asp and _upload.asp. There is a DESCRIPTION field in the db-file-to-disk.asp file, what I want to do is the user has to field out this fied before...
|
by: chrisj |
last post by:
I'm using freeASPupload and got some assistance integrating to a Member script. It works successfully.
In this modified version there are two groups that use this upload script. Members of one group get automatically re-directed after uploading.
However, this member group never gets the benefit of knowing if they've uploaded an incorrect file size or incorrect file extension.
Members from the second group do see the "exceeds max file...
|
by: Jacotheron |
last post by:
I need a PHP script that can upload music files (mp3). The script is for a home project I have started a while ago. I have a MySQL database of all the music that I have. Other computers on the network should be able to connect to the database and run queries on the database or upload new music that does not yet exist on the database. The uploaded file's name should be in the following format: ARTIST - TITLE.mp3. I have the code to upload images,...
|
by: Curtis Rutland |
last post by:
Building A Silverlight (2.0) Multi-File Uploader
All source code is C#. VB.NET source is coming soon.
Note: This project requires Visual Studio 2008 SP1 or Visual Web Developer 2008 SP1 and Silverlight 2.0. To get these tools please visit this page
Get Started : The Official Microsoft Silverlight Site
and follow Step 1.
Occasionally you find the need to have users upload multiple files at once. You could use multiple FileUpload...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
| |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |