Common defects in php file upload

The value set for MAX_FILE_SIZE cannot be greater than the value set by the upload_max_filesize option in the ini setting. Its default value is 2M bytes.

If the memory limit setting is activated, memory_limit may need to be set larger. Please make sure the memory_limit setting is large enough.

If the value set by max_execution_time is too small, the script may take longer to run than this setting. Therefore, please also ensure that max_execution_time is large enough.

Note: max_execution_time only affects the running time of the script itself. Any other time spent outside of script running, such as calls to the system using the function system(), use of the sleep() function, database queries, file uploads, etc., are not included in calculating the maximum time the script can run.

Warning:max_input_time sets the maximum time in seconds for the script to receive input, including file uploads. For larger or multiple files, or when the user's Internet speed is slow, it may exceed the default 60 seconds.

If the value set by post_max_size is too small, larger files will not be uploaded. Therefore, please ensure that the value of post_max_size is large enough.

Failing to verify the file being operated may mean that the user can access sensitive information in other directories.

Please note that CERN httpd appears to discard all content after the first space in the content-type mime header it obtains from the client. Based on this, CERN httpd does not support the file upload feature.

Given that there are many ways to represent file paths, we cannot ensure that file names in various foreign languages ​​(especially those containing spaces) can be processed correctly.

Developers should not mix normal input fields and file upload fields using the same form variable (for example, both use foo[]).