Restrict Upload File Size In PHP (Very Simple Example)

Welcome to a tutorial on how to restrict the upload file size in PHP. So you want to set a limit, or change the maximum upload file size in PHP?

To enforce an upload file size limit in PHP:

  1. We can set the upload_max_filesize and post_max_size directives in php.ini.
  2. Or do a programmatic check upon file upload.
    • $max = 1000000;
    • if ($_FILES["upload"]["size"] < $max) { move_uploaded_file($_FILES["upfile"]["tmp_name"], DESTINATION); }

That covers the quick basics, but read on for more detailed examples!

ⓘ I have included a zip file with all the source code at the start of this tutorial, so you don’t have to copy-paste everything… Or if you just want to dive straight in.

 

 

QUICK SLIDES

 

TABLE OF CONTENTS

Download & Notes Restricted Upload Useful Bits & Links
The End

 

DOWNLOAD & NOTES

Firstly, here is the download link to the example code as promised.

 

QUICK NOTES

If you spot a bug, feel free to comment below. I try to answer short questions too, but it is one person versus the entire world… If you need answers urgently, please check out my list of websites to get help with programming.

 

EXAMPLE CODE DOWNLOAD

Click here to download all the example source code, I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

 

 

UPLOAD FILE SIZE RESTRICTION

All right, let us now get into examples of how to restrict the upload file size in PHP.

 

PART 1) PHP.INI FILE SIZE RESTRICTION

php.ini
file_uploads=On
post_max_size=10M
upload_max_filesize=10M
max_file_uploads=20

If you are new to PHP, this is something to take extra note of. There are “hardcoded limits” set in php.ini itself.

  • file_uploads Allows file uploads.
  • post_max_size Maximum allowed POST size. Technically, this should be set equal to or greater than the allowed upload file size.
  • upload_max_filesize Self-explanatory, the maximum allowed upload file size.
  • max_file_uploads Maximum simultaneous file uploads.

Captain Obvious to the rescue, these will take precedence over PHP scripts. For example, if uploads are disabled in php.ini – The PHP script will throw an error instantly on a file upload.

 

PART 2) FILE SIZE CHECK ON UPLOAD

2A) HTML UPLOAD FORM

2a-upload.html
<form action="2b-upload.php" method="post" enctype="multipart/form-data">
  <input type="file" name="upfile" required/>
  <input type="submit" value="Upload"/>
</form>

Now for the PHP upload mechanism itself, there is nothing special on the HTML upload form. As at the time of writing, there is no such thing as a maxSize HTML property that we can set on the file input field.

 

 

2B) PHP UPLOAD HANDLER

2b-upload.php
<?php
// (A) ERROR - NO FILE UPLOADED
if (!isset($_FILES["upfile"])) { exit("No file uploaded"); }
 
// (B) FILE SIZE
$maxsize = 10000000; // 10 MB
 
// (C) SAVE FILE ONLY IF LESSER THAN MAX ALLOWED
if ($_FILES["upfile"]["size"] <= $maxsize) {
  echo move_uploaded_file($_FILES["upfile"]["tmp_name"], $_FILES["upfile"]["name"])
    ? "OK" : "ERROR" ;
} else { echo "Max allowed file size is $maxsize bytes"; }

Lastly, as with the introduction snippet, we do a file size check before saving the uploaded file.

 

PART 3) JAVASCRIPT FILE SIZE CHECK

3-js-size.html
<script>
// (A) JS FILE SIZE CHECK
function check () {
  // (A1) MAX FILE SIZE
  const maxsize = 10000000;
 
  // (A2) CHECK FILE SIZE
  let f = document.getElementById("upfile").files[0];
  if (f.size <= maxsize) {
    return true;
  } else {
    alert(`Max allowed file size is ${maxsize} bytes.`);
    return false;
  }
}
</script>
 
<!-- (B) HTML UPLOAD FORM -->
<form action="2b-upload.php" enctype="multipart/form-data" onsubmit="return check();">
  <input type="file" id="upfile" name="upfile" required/>
  <input type="submit" value="Upload"/>
</form>

One last bit – While we don’t have a maxsize property in HTML, we can still get the file size in Javascript itself. This may seem a little bit of a hassle, but I will recommend putting this into place – Showing a nice Javascript “please do not exceed XYZ bytes” message is better than an outright error in PHP.

 

 

USEFUL BITS & LINKS

That’s all for the tutorial, and here is a small section on some extras and links that may be useful to you.

 

UPLOADING LARGE FILES?

If you are dealing with large uploads, raising the file size limit in php.ini is one lazy and easy way to do it. But that is not the best solution, you cannot keep raising the limits forever. There are better and more reliable ways to handle large uploads, check out my other tutorial on large uploads. Links are right below.

 

LINKS & REFERENCES

 

INFOGRAPHIC CHEAT SHEET

Restrict Upload File Size In PHP (Click To Enlarge)

 

THE END

Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!

Leave a Comment

Your email address will not be published.