在客户端检测文件上传大小？ [英] Detecting file upload size on the client side?

问题描述

我正在使用PHP进行文件上传。在 PHP手册中，它显示了一个使用示例一个 MAX_FILE_SIZE 隐藏字段，表示它会在客户端（即浏览器）检测文件是否过大。

我刚刚在Firefox，Chrome和IE中尝试过这个例子，但它不起作用。该文件总是上传，即使它大于指定的隐藏字段。

顺便说一句，如果文件大于 MAX_FILE_SIZE

code>然后调用 move_uploaded_file 不起作用，所以看起来这个变量在服务器端有一个效果，而不是在客户端。

解决方案

关于 MAX_FILE_SIZE

>

...在 http://pk.php.net/manual/en/features.file-upload.post-method.php 和其他格式的等价位置，据说
浏览器采取
帐户中的MAX_FILE_SIZE表单字段的值。

此信息在网络和书籍中的其他位置重复，但
似乎来源于PHP文档（它不会以
的形式出现在其他服务器端技术上）

b
$ b在HTML，HTTP或相关规范中没有任何内容表明
是这种情况（尤其是引入文件
upload的RFC 1867）到HTML没有提及它，所以它甚至不是在第一个RFC中提到的kludge
的情况，然后被丢弃），也没有在上下文中感觉到
的HTML规范（没有什么可以指出特定的隐藏输入和文件输入之间的
关系）。
我可以在其中找到的关于隐藏字段的唯一声明是
警告在安全注意事项部分针对用户代理
基于隐藏的$ b中提到的任何文件相关操作$ b字段。

没有浏览器将其作为扩展名执行。事实上，假设
在一个隐藏字段中可能还有其他可能的含义，那就是
在应用程序中处理多个文件上传的名称，那么将有
被认为是任何设计缺陷。 / p>

我认为主流浏览器中没有这样的机制（如果有的话
），实际上不应该是这样。引用它应该从
文档中删除。

我进一步建议，由于这个想法已经从这个
文档传播到其他地方，如果一个机制是需要或希望更快地处理这种
类文件处理的问题，那么它不工作应该是
添加。

它要求功能允许PHP
拦截在请求完成之前正在上传的流，
将完全不同于本文档建议的
应该被处理，即使它是真的。 。

• http://www.juangiordana.com.ar/blog/2007/12/08/max_file_size-erroneo/






$ b

下面的代码来自swfUpload php的实现：

  // Check post_max_size（http://us3.ph p.net/manual/en/features.file-upload.php#73762）
 $ POST_MAX_SIZE = ini_get（'post_max_size'）; 
 $ unit = strtoupper（substr（$ POST_MAX_SIZE，-1））; 
 $ multiplier =（$ unit =='M'？1048576：（$ unit =='K'？1024：（$ unit =='G'？1073741824：1）））; （（int）$ _ SERVER ['CONTENT_LENGTH']> $ multiplier *（int）$ POST_MAX_SIZE&& $ POST_MAX_SIZE）{
 header（HTTP / 1.1 500 Internal服务器错误）; 
 echoPOST超出了允许的最大大小。 
 exit（0）; 
} 
 //验证文件大小（警告这个代码支持的最大文件是2GB）
 $ max_file_size_in_bytes = 2147483647; 
 $ file_size = @filesize（$ _ FILES [$ upload_name] [tmp_name]）; 
 if（！$ file_size || $ file_size> $ max_file_size_in_bytes）{
 HandleError（File exceeded the maximum allowed size）; 
 exit（0）; 
} 
  




I'm using PHP for file uploads. In the PHP manual it shows an example using a MAX_FILE_SIZE hidden field, saying that it will detect on the client side (i.e. the browser) whether the file is too large or not.

I've just tried the example in Firefox, Chrome and IE and it doesn't work. The file is always uploaded, even if it is way larger than the specified hidden field.

Incidentally, if the file is larger than MAX_FILE_SIZE then calling move_uploaded_file doesn't work, so it seems the variable is having an effect server-side, but not client-side.

解决方案

On MAX_FILE_SIZE

Read This:

...At http://pk.php.net/manual/en/features.file-upload.post-method.php and equivalent locations in other formats, it is stated that browsers take the value of a MAX_FILE_SIZE form field into account.

This information is repeated elsewhere on the web and in books, but appears to originate from the PHP documentation (it does not appear in terms of other server-side technologies).

There is nothing in any of the HTML, HTTP or related specs to indicate that this is the case (in particular RFC 1867 which introduced file uploads to HTML doesn't mention it, so it isn't even a case of a kludge that was mentioned in the first RFC and then dropped) nor does it make sense in the context of the HTML specs (there is nothing to indicate any relationship between that particular hidden input and the file input). The only statements about hidden fields I could find in any of them was warnings in the security considerations sections against user-agents basing any file-related operations on anything mentioned in a hidden field.

No browsers appear to perform this as an "extension". Indeed given that there are potentially other possible meanings for a hidden field with that name in an application handling several file uploads, it would have to be considered a design flaw any any did.

I submit that there is no such mechanism in mainstream browsers (if any at all) and indeed shouldn't be. Reference to it should be dropped from documentation.

I'd further suggest that since this idea has propagated from this documentation elsewhere that a note about it not working should to be added.

If a mechanism is required or desired for more rapidly handling this sort of file handling issue then it requires functionality to allow PHP to intercept streams being uploaded before request completion, which would be completely different to how this documentation suggest it should be dealt with, even if it was true...

• http://www.juangiordana.com.ar/blog/2007/12/08/max_file_size-erroneo/

---

the code below come from swfUpload php implementation:

// Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762)
    $POST_MAX_SIZE = ini_get('post_max_size');
    $unit = strtoupper(substr($POST_MAX_SIZE, -1));
    $multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)));

    if ((int)$_SERVER['CONTENT_LENGTH'] > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE) {
        header("HTTP/1.1 500 Internal Server Error");
        echo "POST exceeded maximum allowed size.";
        exit(0);
    }
// Validate the file size (Warning the largest files supported by this code is 2GB)
    $max_file_size_in_bytes = 2147483647;           
    $file_size = @filesize($_FILES[$upload_name]["tmp_name"]);
        if (!$file_size || $file_size > $max_file_size_in_bytes) {
            HandleError("File exceeds the maximum allowed size");
            exit(0);
        }

这篇关于在客户端检测文件上传大小？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！