Summary of PHP file upload problems (file size detection, large file upload processing),

Summary of PHP file upload issues (file size detection, large file upload processing),

Due to security issues involving both local and server aspects, based on input type="file "Page file upload in the form has always been in a very awkward position. On the one hand, users do not want their privacy to be leaked, so the browser cannot make effective judgments on the files selected by the user when uploading. On the other hand, for the sake of server-side security and reducing the transmission burden, the system hopes to reject illegal files before users start uploading.
Over time, uploading based on the original input method has become a legacy problem that network storage websites avoid, and it has also created all kinds of strange plug-ins and upload clients.
Is the input method of uploading so bad? Of course not. When uploading files is not large, it is still very simple and reliable. In PHP, we only need a composite form: Copy code The code is as follows:

An input box: Copy code The code is as follows:
And a line of code on the server side: Copy code The code is as follows: move_uploaded_file($_FILES['userfile']['tmp_name'], '/var/www/uploads/'. basename( $_FILES['userfile']['name']));
The entire upload process can be realized.
But as the file grows, the shortcomings of form upload will be exposed. In particular, the simple idea of getting a minimum file size to prevent overly large file uploads has become so difficult. Let’s go through them one by one:
Pass MAX_FILE_SIZE
MAX_FILE_SIZE hidden field (unit: bytes) must be placed before the file input field, and its value is the maximum size of the received file. This is a recommendation for browsers, PHP will also check this. This setting can be easily bypassed on the browser side, so don't expect to use this feature to block large files. In fact, the maximum upload file size in PHP settings will not expire. But it is better to add this item to the form, because it can avoid the trouble of users spending time waiting for large files to be uploaded only to find that the file is too large and the upload fails.
Obviously PHP developers have also considered the issue of large file uploads, but as the manual says, MAX_FILE_SIZE is just a suggestion for browsers. In fact, all mainstream browsers so far have not adopted this suggestion, so the MAX_FILE_SIZE constraint is used The file size is just like a decoration and is not feasible.
Through server side
Since MAX_FILE_SIZE is invalid, the user can upload the file to the server. The server determines the size of the file uploaded by the user through $_FILES['userfile']['size'], and then decides whether to accept the upload and return the information. Excluding the load on the server and possible malicious acts of sabotage for the time being, this solution sounds like nothing more than a waste of bandwidth, and it also restricts users from uploading files.
But this is also not feasible. PHP file upload is affected by the following settings in php.ini:

post_max_size
upload_max_filesize
max_execution_time
memory_limit

Although the setting method is explained in detail in the manual, the reason why this method is still not feasible is because when the PHP execution script exceeds the memory_limit, all the POST data will be lost and no error will be reported!
Imagine that the user fills out an overly long form and uploads it along with a file that exceeds the memory_limit. After a long waiting time, he finds that what he is waiting for is another clean blank form. What an impressive user experience it is. ah. What's more, dozens of Mbytes of server traffic are only used to detect file sizes, which is not allowed in the current network environment.
via Javascript
Javascript is based on the browser. Although JS can complete many seemingly impossible tasks, JS cannot do things that the browser cannot do. Inherent shortcomings doom this work to Javascript alone. However, some IE Only methods still exist, for reference only.
via Flash
Flash’s FileReference class provides a relatively comprehensive set of file processing methods. Most large file uploads now use Flash-based solutions. If Flash is used to interact with Js, can the client detect the file size? The answer is yes.
First instantiate the FileReference class in the flash file.

var fr = new FileReference();

Copy after login

Based on this class, you can use the file browse and SelectFile events provided by Flash to replace browser events. We need:
1. Bind SelectFile

fr.addEventListener(Event.SELECT, onSelectFile);

Copy after login

2. Create an object for Js access to place the file information obtained by flash

var s = {
 size:0,
 name:'',
 type:''
}

Copy after login

3、创建file browse方法

function browseFile():void {<br>
 fr.browse();<br>
}

Copy after login

4、当SelectFile事件触发的时候，传递文件信息

function onSelectFile(e:Event):void {<br>
 s.size = fr.size;<br>
 s.name = fr.name;<br>
 s.type = fr.type;<br>
}

Copy after login

5、将browseFile方法公开可供Js调用

ExternalInterface.addCallback("browseFile", browseFile);

Copy after login

6、将得到的文件信息传递给Js

ExternalInterface.call("onSelectFile",s);

Copy after login

现在我们已经可以通过Js获得由flash传递来的文件大小信息了，具体的实现可以参看Demo 。
结论
问题至此似乎已经得到解决了，我们已经成功的校验了文件大小不是么。但本文的最终结论是，基于Flash的文件大小校验，仍然不可行。
文件大小校验的唯一目的，是为了上传。在上面的Demo中可以看到校验成功的文件名会显示在一个输入框里。熟悉上传的同学不觉得少了什么吗？没错，通过 flash只能得到文件名，而无法得到文件的完整路径，而文件路径却是input方式上传的必要条件。所以虽然可以成功的通过Flash与Js交互校验文件大小，但我们能做到的也仅仅只是校验而已，之后想要上传，唯有继续通过flash方式进行。
Flash开发出于安全考虑屏蔽了文件的完整路径这无可厚非，不过文件上传，尤其是PHP环境下的文件校验上传方案仍然没有得到最好的解决。
当然弥补的方法有很多：

基于Perl的项目 FileChucker , XUpload , Uber-Uploader
基于Flash的项目 SWFUpload
还有筒子用PHP直接 在服务器华丽的建立socket链接

但终究我希望有一天能看到仅基于HTML就能实现的严整健壮的上传方案，但愿这一天不会太远。
最后是本次的代码下载。
php文件上传大小设置详解
用php上传文件，问题最多的就是上传大体积文件时出现错误。这就涉及到php的配置文件——php.ini
在此配置文件中，有这么几个值是跟文件上传有密切关系的：