Home >Backend Development >PHP Tutorial >Summary of PHP file upload problems (file size detection, large file upload processing), _PHP tutorial

Summary of PHP file upload problems (file size detection, large file upload processing), _PHP tutorial

WBOY
WBOYOriginal
2016-07-12 09:02:47836browse

Summary of PHP file upload issues (file size detection, large file upload processing),

Due to security issues involving both local and server aspects, based on input type="file "Page file upload in the form has always been in a very awkward position. On the one hand, users do not want their privacy to be leaked, so the browser cannot make effective judgments on the files selected by the user when uploading. On the other hand, for the sake of server-side security and reducing the transmission burden, the system hopes to reject illegal files before users start uploading.
Over time, uploading based on the original input method has become a legacy problem that network storage websites avoid, and it has also created all kinds of strange plug-ins and upload clients.
Is the input method of uploading so bad? Of course not. When uploading files is not large, it is still very simple and reliable. In PHP, we only need a composite form: Copy code The code is as follows: 3c3956f3bbe434df6ce9701268730b6a
An input box: Copy code The code is as follows:4a45a9d2971658990ef1dcb1c46a8bc7
And a line of code on the server side: Copy code The code is as follows: move_uploaded_file($_FILES['userfile']['tmp_name'], '/var/www/uploads/'. basename( $_FILES['userfile']['name']));
The entire upload process can be realized.
But as the file grows, the shortcomings of form upload will be exposed. In particular, the simple idea of ​​getting a minimum file size to prevent overly large file uploads has become so difficult. Let’s go through them one by one:
Pass MAX_FILE_SIZE
MAX_FILE_SIZE hidden field (unit: bytes) must be placed before the file input field, and its value is the maximum size of the received file. This is a recommendation for browsers, PHP will also check this. This setting can be easily bypassed on the browser side, so don't expect to use this feature to block large files. In fact, the maximum upload file size in PHP settings will not expire. But it is better to add this item to the form, because it can avoid the trouble of users spending time waiting for large files to be uploaded only to find that the file is too large and the upload fails.
Obviously PHP developers have also considered the issue of large file uploads, but as the manual says, MAX_FILE_SIZE is just a suggestion for browsers. In fact, all mainstream browsers so far have not adopted this suggestion, so the MAX_FILE_SIZE constraint is used The file size is just like a decoration and is not feasible.
Through server side
Since MAX_FILE_SIZE is invalid, the user can upload the file to the server. The server determines the size of the file uploaded by the user through $_FILES['userfile']['size'], and then decides whether to accept the upload and return the information. Excluding the load on the server and possible malicious acts of sabotage for the time being, this solution sounds like nothing more than a waste of bandwidth, and it also restricts users from uploading files.
But this is also not feasible. PHP file upload is affected by the following settings in php.ini:

  • post_max_size
  • upload_max_filesize
  • max_execution_time
  • memory_limit

Although the setting method is explained in detail in the manual, the reason why this method is still not feasible is because when the PHP execution script exceeds the memory_limit, all the POST data will be lost and no error will be reported!
Imagine that the user fills out an overly long form and uploads it along with a file that exceeds the memory_limit. After a long waiting time, he finds that what he is waiting for is another clean blank form. What an impressive user experience it is. ah. What's more, dozens of Mbytes of server traffic are only used to detect file sizes, which is not allowed in the current network environment.
via Javascript
Javascript is based on the browser. Although JS can complete many seemingly impossible tasks, JS cannot do things that the browser cannot do. Inherent shortcomings doom this work to Javascript alone. However, some IE Only methods still exist, for reference only.
via Flash
Flash’s FileReference class provides a relatively comprehensive set of file processing methods. Most large file uploads now use Flash-based solutions. If Flash is used to interact with Js, can the client detect the file size? The answer is yes.
First instantiate the FileReference class in the flash file.

var fr = new FileReference();

Based on this class, you can use the file browse and SelectFile events provided by Flash to replace browser events. We need:
1. Bind SelectFile

fr.addEventListener(Event.SELECT, onSelectFile);

2. Create an object for Js access to place the file information obtained by flash

var s = {
 size:0,
 name:'',
 type:''
}

3、创建file browse方法

function browseFile():void {<br>
 fr.browse();<br>
}

4、当SelectFile事件触发的时候,传递文件信息

function onSelectFile(e:Event):void {<br>
 s.size = fr.size;<br>
 s.name = fr.name;<br>
 s.type = fr.type;<br>
}

5、将browseFile方法公开可供Js调用

ExternalInterface.addCallback("browseFile", browseFile);

6、将得到的文件信息传递给Js

ExternalInterface.call("onSelectFile",s);

现在我们已经可以通过Js获得由flash传递来的文件大小信息了,具体的实现可以参看Demo 。
结论
问题至此似乎已经得到解决了,我们已经成功的校验了文件大小不是么。但本文的最终结论是,基于Flash的文件大小校验,仍然不可行。
文件大小校验的唯一目的,是为了上传。在上面的Demo中可以看到校验成功的文件名会显示在一个输入框里。熟悉上传的同学不觉得少了什么吗?没错,通过 flash只能得到文件名,而无法得到文件的完整路径,而文件路径却是input方式上传的必要条件。所以虽然可以成功的通过Flash与Js交互校验文 件大小,但我们能做到的也仅仅只是校验而已,之后想要上传,唯有继续通过flash方式进行。
Flash开发出于安全考虑屏蔽了文件的完整路径这无可厚非,不过文件上传,尤其是PHP环境下的文件校验上传方案仍然没有得到最好的解决。
当然弥补的方法有很多:

基于Perl的项目 FileChucker , XUpload , Uber-Uploader
基于Flash的项目 SWFUpload
还有筒子用PHP直接 在服务器华丽的建立socket链接

但终究我希望有一天能看到仅基于HTML就能实现的严整健壮的上传方案,但愿这一天不会太远。
最后是本次的代码下载 。
php文件上传大小设置详解
用php上传文件,问题最多的就是上传大体积文件时出现错误。 这就涉及到php的配置文件——php.ini
在此配置文件中,有这么几个值是跟文件上传有密切关系的:

  • file_uploads = on //是否允许系统支持文件上传
  • upload_tmp_dir //临时文件的存储路径,linux下为系统默认路径,win32下需要指定
  • upload_max_filesize = 2m //允许文件上传最大体积
  • post_max_size = 2m //通过post方法给php时,php所能接受的最大数据容量

如果你上传的文件体积在8m一下(通常情况),那修改以上设置就可以满足你的要求了。
但要>8m,那除了上面几个值,还要特别关注另外两个值了:

  • max_execution_time = 30 //每个script所执行的最大时间(php上传就时,体积大了,就是个时间问题)
  • memory_limit = 8m //每个script所能消耗的最大memory

试着把这两个值改大些。一般就可以解决大多数问题了。

就此推断,上传文件的体积是可以无穷大的。但还要考虑你的网络情况,等等。
在php.net上,有人说按照这个方法改了后,大于100m的文件还是会出错,不知道是不是PHP本身的问题了。

问题就先为大家介绍到这,希望对大家解决PHP文件上传问题有所帮助。

您可能感兴趣的文章:

  • PHP文件上传实例详解!!!
  • jQuery Ajax文件上传(php)
  • php 文件上传后缀名与文件类型对照表(几乎涵盖所有文件)
  • PHP 图片文件上传实现代码
  • php+ajax实现图片文件上传功能实例
  • PHP实现视频文件上传完整实例
  • ThinkPHP结合AjaxFileUploader实现无刷新文件上传的方法
  • 一个经典的PHP文件上传类分享
  • 通过修改配置真正解决php文件上传大小限制问题(nginx+php)

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1084546.htmlTechArticleSummary of PHP file upload issues (file size detection, large file upload processing), because it involves both local and server aspects Security issues, so pages based on input type="file"...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn