On Saturday 22 September 2007 7:44:55 pm Jeff Cohan wrote: > Dan Parry wrote: > > I might be wrong but this would be classed as > > 'exploitable'... Webservers should not be allowed > > to read from or write to clients... Of course there > > is ActiveX... > > I think we're off the point. > > My script is simply interrogating the value of the > $_FILES[userfile][size] array element. It's coming up as ZERO if it > exceeds the MAX_FILE_SIZE.
Exactly, no valid file was uploaded. The size of the valid file is therefore zero. > That seems odd to me. > But maybe that's > the way it's SUPPOSED to work. That's why I started this thread out > with "What am I missing?". > > Said another way: > > It seems that the server had to know the size of the file in order > to know it exceeded MAX_FILE_SIZE. So how can my script find out the > size? Can you use Javascript to check file size client side, send data via AJAX then issue warnings? (Remember the php mantra: "PHP is a server side language" ) As noted in the php.net documentation you quoted, and as mentioned previously, MAX_FILE_SIZE is a _hint_ to the browser. some browsers just don't take hints. Ray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
