PHP file upload detection and processing

This article mainly introduces PHP file upload detection and processing. Interested friends can refer to it. I hope it will be helpful to everyone.

Is the input method of uploading so bad? of course not. When uploading files is not large, it is still very simple and reliable. In PHP, we only need a composite form:

The code is as follows:

<form enctype="multipart/form-data" action="__URL__" method="POST">

An input box:

The code is as follows:

<input name="userfile" type="file" />

and one line of code on the server side:

The code is as follows:

move_uploaded_file($_FILES['userfile']['tmp_name'], '/var/www/uploads/'. basename($_FILES['userfile']['name']));

can realize the entire upload process.
But as the file grows, the shortcomings of form upload will be exposed. In particular, the simple idea of ​​getting a minimum file size to prevent overly large file uploads has become so difficult. Let’s go one by one:
Pass MAX_FILE_SIZEMAX_FILE_SIZE The hidden field (in bytes) must be placed before the file input field, and its value is the maximum size of the received file. This is a recommendation for browsers, PHP will also check this. This setting can be easily bypassed on the browser side, so don't expect to use this feature to block large files. In fact, the maximum upload file size in PHP settings will not expire. But it is better to add this item to the form, because it can avoid the trouble of users spending time waiting for large files to be uploaded only to find that the file is too large and the upload fails.
Obviously PHP developers have also considered the issue of large file uploads, but as the manual says, MAX_FILE_SIZE is just a suggestion for browsers. In fact, all mainstream browsers have not adopted this suggestion so far, so Using MAX_FILE_SIZE to limit the file size is just like a decoration and is not feasible.
Through the server sideSince MAX_FILE_SIZE is invalid, the user can upload the file to the server, and the server side determines the file uploaded by the user through $_FILES['userfile']['size'] file size and then decide whether to accept the upload and return the information. Excluding the load on the server and possible malicious sabotage for the time being, this solution sounds like nothing more than a waste of bandwidth, and it also restricts users from uploading files.
But this is not feasible. PHP file upload is affected by the following settings in php.ini:

• ##post_max_size

• upload_max_filesize

• ##max_execution_time

• memory_limit

  ##Although the setting method is explained in detail in the manual, So this method is still not feasible because when the PHP execution script exceeds the memory_limit, all the POST data will be lost and no error will be reported!
Imagine the user fills out an extremely long form and uploads it along with a file that exceeds the memory_limit. After a long waiting time, they find that what they are waiting for is another clean blank form. How impressive is that? user experience. What's more, dozens of Mbytes of server traffic are only used to detect file sizes, which is not allowed in the current network environment.

Through Javascript
Javascript is based on the browser. Although JS can complete many seemingly impossible tasks, JS cannot do things that the browser cannot do. Inherent shortcomings doom this work to Javascript alone. However, some IE Only methods still exist and are for reference only. Through Flash
Flash's FileReference class provides a relatively comprehensive set of file processing methods. Now most large file uploads also use Flash-based solutions. If Flash is used to interact with Js, can the client detect the file size? The answer is yes. First instantiate the FileReference class in the flash file.

var fr = new FileReference();

Based on this class, you can use the file browse and SelectFile events provided by Flash to replace browser events. We need:

1. Bind SelectFile

fr.addEventListener(Event.SELECT, onSelectFile);

2. Create an object for Js access to place the file information obtained by flash

var s = {
 size:0,
 name:'',
 type:''
}

3. Create file browse method

function browseFile():void {<br>
 fr.browse();<br>
}

4. When the SelectFile event is triggered, pass the file information

function onSelectFile(e:Event):void {<br>
 s.size = fr.size;<br>
 s.name = fr.name;<br>
 s.type = fr.type;<br>
}

5. Change browseFile The method is public and can be called by Js

ExternalInterface.addCallback("browseFile", browseFile);

6. Pass the obtained file information to Js

ExternalInterface.call("onSelectFile",s);

现在我们已经可以通过Js获得由flash传递来的文件大小信息了，具体的实现可以参看Demo 。
结论
问题至此似乎已经得到解决了，我们已经成功的校验了文件大小不是么。但本文的最终结论是，基于Flash的文件大小校验，仍然不可行。
文件大小校验的唯一目的，是为了上传。在上面的Demo中可以看到校验成功的文件名会显示在一个输入框里。熟悉上传的同学不觉得少了什么吗？没错，通过 flash只能得到文件名，而无法得到文件的完整路径，而文件路径却是input方式上传的必要条件。所以虽然可以成功的通过Flash与Js交互校验文 件大小，但我们能做到的也仅仅只是校验而已，之后想要上传，唯有继续通过flash方式进行。
Flash开发出于安全考虑屏蔽了文件的完整路径这无可厚非，不过文件上传，尤其是PHP环境下的文件校验上传方案仍然没有得到最好的解决。
当然弥补的方法有很多：

基于Perl的项目 FileChucker , XUpload , Uber-Uploader基于Flash的项目 SWFUpload还有筒子用PHP直接 在服务器华丽的建立socket链接

但终究我希望有一天能看到仅基于HTML就能实现的严整健壮的上传方案，但愿这一天不会太远。
最后是本次的代码下载 。
php文件上传大小设置详解用php上传文件，问题最多的就是上传大体积文件时出现错误。 这就涉及到php的配置文件——php.ini
在此配置文件中，有这么几个值是跟文件上传有密切关系的：

• file_uploads = on //是否允许系统支持文件上传

• upload_tmp_dir //临时文件的存储路径，linux下为系统默认路径，win32下需要指定

• upload_max_filesize = 2m //允许文件上传最大体积

• post_max_size = 2m //通过post方法给php时，php所能接受的最大数据容量

如果你上传的文件体积在8m一下（通常情况），那修改以上设置就可以满足你的要求了。
但要>8m，那除了上面几个值，还要特别关注另外两个值了：

• max_execution_time = 30 //每个script所执行的最大时间(php上传就时，体积大了，就是个时间问题)

• memory_limit = 8m //每个script所能消耗的最大memory

试着把这两个值改大些。一般就可以解决大多数问题了。

就此推断，上传文件的体积是可以无穷大的。但还要考虑你的网络情况，等等。
在php.net上，有人说按照这个方法改了后，大于100m的文件还是会出错，不知道是不是PHP本身的问题了。

总结：以上就是本篇文的全部内容，希望能对大家的学习有所帮助。

相关推荐：

PHP中基于sleep函数实现定时执行功能的方法

PHP 输出缓冲控制详解

php 输入输出流详解及实例分析

The above is the detailed content of PHP file upload detection and processing. For more information, please follow other related articles on the PHP Chinese website!