<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Common Pitfalls</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="features.file-upload.errors.html">Error Messages Explained</a></div> <div class="next" style="text-align: right; float: right;"><a href="features.file-upload.multiple.html">Uploading multiple files</a></div> <div class="up"><a href="features.file-upload.html">Handling file uploads</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="features.file-upload.common-pitfalls" class="sect1"> <h2 class="title">Common Pitfalls</h2> <p class="simpara"> The <em>MAX_FILE_SIZE</em> item cannot specify a file size greater than the file size that has been set in the <a href="ini.core.html#ini.upload-max-filesize" class="link">upload_max_filesize</a> in the <var class="filename">php.ini</var> file. The default is 2 megabytes. </p> <p class="simpara"> If a memory limit is enabled, a larger <a href="ini.core.html#ini.memory-limit" class="link">memory_limit</a> may be needed. Make sure you set <a href="ini.core.html#ini.memory-limit" class="link">memory_limit</a> large enough. </p> <p class="simpara"> If <a href="info.configuration.html#ini.max-execution-time" class="link">max_execution_time</a> is set too small, script execution may be exceeded by the value. Make sure you set <em>max_execution_time</em> large enough. </p> <blockquote class="note"><p><strong class="note">Note</strong>: <span class="simpara"> <a href="info.configuration.html#ini.max-execution-time" class="link">max_execution_time</a> only affects the execution time of the script itself. Any time spent on activity that happens outside the execution of the script such as system calls using <span class="function"><a href="function.system.html" class="function">system()</a></span>, the <span class="function"><a href="function.sleep.html" class="function">sleep()</a></span> function, database queries, time taken by the file upload process, etc. is not included when determining the maximum time that the script has been running. </span> </p></blockquote> <div class="warning"><strong class="warning">Warning</strong> <p class="simpara"> <a href="info.configuration.html#ini.max-input-time" class="link">max_input_time</a> sets the maximum time, in seconds, the script is allowed to receive input; this includes file uploads. For large or multiple files, or users on slower connections, the default of <em>60 seconds</em> may be exceeded. </p> </div> <p class="simpara"> If <a href="ini.core.html#ini.post-max-size" class="link">post_max_size</a> is set too small, large files cannot be uploaded. Make sure you set <em>post_max_size</em> large enough. </p> <p class="simpara"> Since PHP 5.2.12, the <a href="ini.core.html#ini.max-file-uploads" class="link">max_file_uploads</a> configuration setting controls the maximum number of files that can uploaded in one request. If more files are uploaded than the limit, then <var class="varname"><var class="varname"><a href="reserved.variables.files.html" class="classname">$_FILES</a></var></var> will stop processing files once the limit is reached. For example, if <a href="ini.core.html#ini.max-file-uploads" class="link">max_file_uploads</a> is set to <em>10</em>, then <var class="varname"><var class="varname"><a href="reserved.variables.files.html" class="classname">$_FILES</a></var></var> will never contain more than 10 items. </p> <p class="simpara"> Not validating which file you operate on may mean that users can access sensitive information in other directories. </p> <p class="simpara"> Please note that the <span class="productname">CERN httpd</span> seems to strip off everything starting at the first whitespace in the content-type mime header it gets from the client. As long as this is the case, <span class="productname">CERN httpd</span> will not support the file upload feature. </p> <p class="simpara"> Due to the large amount of directory listing styles we cannot guarantee that files with exotic names (like containing spaces) are handled properly. </p> <p class="simpara"> A developer may not mix normal <em>input</em> fields and file upload fields in the same form variable (by using an <em>input</em> name like <em>foo[]</em>). </p> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="features.file-upload.errors.html">Error Messages Explained</a></div> <div class="next" style="text-align: right; float: right;"><a href="features.file-upload.multiple.html">Uploading multiple files</a></div> <div class="up"><a href="features.file-upload.html">Handling file uploads</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>