Hi folks,
I am having trouble getting my script to limit the file upload size 🙁
It is currently uploading any file sizes:
<?
// upload directory
$uploadDir = "$FileDir";
// max file size in bytes.
$max_file_size = '1000';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
// get the file extension first
$ext = substr(strrchr($fileName, "."), 1);
// generate the random file name
$randName = md5(rand() * time());
// and now we have the unique file name for the upload file
$filePath = $uploadDir . $randName . '.' . $ext;
// move the files to the specified directory
// if the upload directory is not writable or
// something else went wrong $result will be false
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
if ($tmpName > $max_file_size)
{
echo "The file is too big - please try again.";
exit;
}
if ($fileSize > $max_file_size){
$error_message="You Image is $fileSize Bytes the maximum allowed is $max_file_size";
}
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$query = "INSERT INTO files (name, size, type) ".
"VALUES ('$fileName', '$fileSize', '$fileType')";
mysql_query($query) or die('Error, query failed : ' . mysql_error());
echo "<br>The file was successfuly uploaded.<br><br>";
mysql_close($cid);
}
?>
I have tried to different ways as shown in the code :
if ($tmpName > $max_file_size)
if ($fileSize > $max_file_size){
I asume the variables arent formed where I am adding the limit code ???
Any advice would be greatly appreciated.
