Some questions about MAX_FILE_SIZE

Bijan

What's the use of that hidden field named "MAX_FILE_SIZE" when we make a multipart/form-data? It only accepts the
allowed file size, right? But PHP itself says that you can easily dupe it, if it's so, why should we use it at all?
I tested it and it didn't have any problem, you can easily remove that hidden field and your file upload script
works wihtout any problem. I also had some real problems with that field, and I couldn't even upload a 15K file
while my allowable file size was 2MB, and I couldn't figure out why it's not working. Now that I delete that field,
everything is working fine!

Another question: My PHP's "post_max_size" variable shows 8MB (I'm using PHPDev), but when I attempt to upload a 4MB
file, it doesn't upload it and says it exceeds your 2MB limit, I have no 2MB limit! And I removed that annoying hidden
field from my form, so, I'm sure that it's nothing wrong client side, except the file size maybe! :p What can I do?!
(the maximum file that I uploaded so far was around 900KB that's really more than what I need, I'm just curious to
see if I can upload my whole 80GB hard disk via a form into a host! Is that possible?)

The last question of mine! How can I suppress the warning message that is displayed when an uploaded file exceeds the
post_max_size? I used "error_reporting(0)" at the top of my script, but it doesn't work! Do you know of any way? How
can I put a custom warning?

Thank you, I know I shouldn't usually ask 3 questions in one thread, but these are all related to each other! I'm
asking about the MAX_FILE_SIZE in all of them and I think I can put them all in here!

ir4z0r

forget about the field, if it's crap, kick it!
there's another setting for the size:

upload_max_filesize = 2M

but even if you change this setting, I doubt you could upload more
than, say 100MB? this is not safe in any kind, other solutions should
be used (ftp...)

I don't know about suppressing, maybe put a @ before all functions
like @move_uploaded_file() etc.
for handling the error: $_FILES['userfile']['error']

Bijan

Thanks ir4z0r, I'll kick it!
About the variable you're right, I looked for "upload_max_filesize" and it's set to 2. For suppressing the warning message, I tried everything (putting an @ b4 all the functions or just simply turning error reporting to 0) but nothing has worked.

Cheers,
bijan

scoppc

when dealing with files, there are three useful variables available to be used directly, they are:

$file=$_FILES['file'];
//the file name
$fname=$file['name'];
//the file type
$ftype=$file['type'];
//the file size
$fsize=$file['size'];

//max file size allowed
$maxsize=10240;

if ($fsize>$maxsize){
    print "You are not allowed to upload a file larger than " . $maxsize;
}else{
    print "good.";
}

Bijan

Yeah scoppc, you're right! One shouldn't also forget the very useful "getimagesize()" function that not only gives us the size of an image, but also it says what kinda image (swf, gif, jpg, png, ..) it is and in case of a jpg image, we can find out whether it is CMYK or RBG. No need to mention that if you don't give it a valid image as an argument, it returns false, it means you can find out if the uploaded file was an image or not!