Check File Size

Size validation in PHP ensures that uploaded files meet your requirements

There are a few more checks that we’ll need to look into while uploading files. We’ve uploaded a file and restricted users from uploading all file types, but there are still a few more things that we’ll need to check, like file size. I’m purposefully taking a more drawn-out approach to this topic since most people feel overwhelmed when they see the full script in action and never see the components for what they are: individual checks.

https://blog.devgenius.io/php-p78-checking-file-types-ffb2762d2d19

Recap

We have a basic HTML form and a simple process script.

<form action="./upload.php" method="post" enctype="multipart/form-data">
  <div>
    Select Image to upload:
  </div>

  <div>
    <input type="file" name="file_name" id="file_name">
  </div>

  <div>
    <input type="submit" name="submit" value="Upload">
  </div>
</form>

<?php

// Original file name sent by the browser, and the temporary path where PHP stored the upload
$file_name   = $_FILES["file_name"]["name"];
$target_file = "uploads/" . $file_name;
$temp_file   = $_FILES["file_name"]["tmp_name"];

// Only these extensions are accepted
$allowed   = ['jpg', 'png'];
$extension = pathinfo($file_name, PATHINFO_EXTENSION);

if ( ! in_array($extension, $allowed) )
{
    die("The format is not correct. You may only upload: " . implode(", ", $allowed));
}

// Move the file from its temporary location to its final location
move_uploaded_file($temp_file, $target_file);

echo "Your image was successfully uploaded.";

In our file upload script above, the first check that occurs is the file extension check. After it passes, the file is moved from its temporary location to its final location.

File Size Check

Next on our list is to reject files above a certain size threshold. We need to make sure that the file storage doesn’t get filled up with unnecessarily large files.

How can we do this? Let’s see what our $_FILES array holds that might help us.

var_dump($_FILES);
array (size=1)
  'file_name' => 
    array (size=5)
      'name' => string '75-Get-vs-Post.jpg' (length=18)
      'type' => string 'image/jpeg' (length=10)
      'tmp_name' => string '/tmp/phpbRYmkz' (length=14)
      'error' => int 0
      'size' => int 133821

It’s pretty clear to see. We have a size key within our $_FILES['file_name'] array. To access it, we just need to use $_FILES['file_name']['size']. It is in bytes, so we’ll need to restrict it in bytes.

1KB = 1024 bytes
1MB = 1048576 bytes
1GB = 1073741824 bytes
1TB = 1099511627776 bytes

If we wanted to restrict the user to 1MB, we will need to test against 1,048,576 bytes.

Here’s a simple trick to calculate the size: multiply the number of megabytes by 1024 twice. 1MB * 1024 * 1024 = 1048576 bytes. So if you want to restrict uploads to 5MB, you’ll just do 5MB * 1024 * 1024. That’s how I’ll list it in our example. I want to restrict the user from uploading anything over 1/2MB.

// Limit in megabytes, converted to bytes because $_FILES reports the size in bytes
$max_size_mb = 0.5;
$max_size_bytes = $max_size_mb * 1024 * 1024;

if ( $_FILES["file_name"]["size"] > $max_size_bytes )
{
    die("The file size is too large.");
}
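
The size comparison above only sees uploads that PHP itself accepted. When a file exceeds upload_max_filesize, PHP sets the error key and reports a size of 0, so a stricter check looks at the error code first and then measures the temporary file. The following is an added example, not the author's script; the function name check_upload_size and the sample array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Returns null when the upload is within $maxBytes, otherwise a reason string.
// $file is one entry of $_FILES, or null when the field is missing entirely.
function check_upload_size(?array $file, int $maxBytes): ?string
{
    // When the request body exceeds post_max_size, PHP leaves $_FILES empty.
    if ($file === null || !isset($file['error']) || is_array($file['error'])) {
        return 'No upload received (the request may exceed post_max_size).';
    }
    // PHP signals its own limits through the error code; size is 0 in that
    // case, so a bare "size > max" comparison does not catch it.
    switch ($file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:   // larger than upload_max_filesize in php.ini
        case UPLOAD_ERR_FORM_SIZE:  // larger than the form's MAX_FILE_SIZE field
            return 'The file size is too large.';
        case UPLOAD_ERR_NO_FILE:
            return 'No file was selected.';
        default:
            return 'Upload failed with error code ' . $file['error'] . '.';
    }
    // Only accept a temporary file that PHP created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'Not a valid uploaded file.';
    }
    // Measure the bytes actually stored on disk.
    $bytes = filesize($file['tmp_name']);
    if ($bytes === false || $bytes === 0) {
        return 'The file is empty or unreadable.';
    }
    return $bytes > $maxBytes ? 'The file size is too large.' : null;
}

$max_size_bytes = (int) (0.5 * 1024 * 1024);

// Constructed sample: the $_FILES entry as PHP reports it when
// upload_max_filesize is exceeded (no temporary file, size 0).
$rejected_by_php = ['name' => 'big.jpg', 'type' => '', 'tmp_name' => '',
                    'error' => UPLOAD_ERR_INI_SIZE, 'size' => 0];

var_dump($rejected_by_php['size'] > $max_size_bytes);           // the plain size comparison
var_dump(check_upload_size($rejected_by_php, $max_size_bytes)); // the error-aware check
var_dump(check_upload_size(null, $max_size_bytes));             // field missing from $_FILES
```

In upload.php the call would be check_upload_size($_FILES["file_name"] ?? null, $max_size_bytes), followed by die() with the returned message when it is not null.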

The full script looks like this now.

You can see how this builds on the previous script each time. Code is just that, a slow build-up. In the next script, we’ll tackle some final checks and then we’ll look at this in a more object-oriented approach in article 81. See you next time.

https://github.com/dinocajic/php-youtube-tutorials
