<[EMAIL PROTECTED]> wrote : >> I am puzzled with file uploads too, for HTML_QuickForm. Setting the >> max_file_size doesn't change anything and it seems that there are >> incompatibilities with Opera browser, at least with version 6. >> >> Does PHP return an error or a message when the uploaded file is larger than >> max_file_size in the hidden field or larger than the php.ini upload >> parameter ? >> >> When testing, it seems that the script just ends without notice if uploaded >> file is too large. This way, I can't unfortunately indicate to the user that >> his file is too large. > > > In a common upload one get in HTTP_POST_FILES: > > userfile => array( > 'name' => .. > 'tmp_name' => .. > 'type' => .. > 'size' => ... > ) > > Previous to 4.1 when the file was too large one got: tmp_name -> 'none'. > But the "name" field filled, so I was able to say to the user: in the > input type file "usefile" you submited a file that exceeded the max > permitted size. In the other hand if the user doesn't submit any file > you get: name -> '', so you could say: you haven't submited any file in > the input "userfile". Not very intuitive but worked fine. > > Now in 4.1 if the user exceeded the max size or doesn't submit any file > the HTTP_POST_FILES is empty, so no way to detect what happens. > > In the next X release I heared from Jani that a new entry 'error' will > be filled with a new PHP constants (or whatever): > >> From CVS main/rfc1867.c > > /* Errors */ > #define UPLOAD_ERROR_A 1 /* Uploaded file exceeded upload_max_filesize > */ > #define UPLOAD_ERROR_B 2 /* Uploaded file exceeded MAX_FILE_SIZE */ > #define UPLOAD_ERROR_C 3 /* Only partiallly uploaded */ > #define UPLOAD_ERROR_D 4 /* No file uploaded */ > #define UPLOAD_ERROR_E 5 /* Uploaded file size 0 bytes */ > > As you can see in the next release we will able to get a detailed error > without more tricky work. Cool stuff Jani. > >> Hidden fields are low in term of security as they can be modified by user. > > Yes, it also limits the developer to set a unique max size for all the > files, plus the fact that is easily falseable as you say. The easy > solution is to only rely in upload_max_filesize from php.ini or just > restrict the size per file in the page that gets the uploads. > >> Could someone point me to resources about file uploads handling in PHP (as >> it also seems there are changes in PHP 4.1). I have RTFM but it didn't help. > > The test/error was for me the only way to build HTTP_Upload.
Thanks Tomas for these explanations. I guess I just have to wait for the next release of PHP to make a proper file upload system. It looks like a lot of code will be outdated quite soon then... Bertrand Mansion Mamasam -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
