Restrict Upload File Size In PHP (Very Simple Example)

Welcome to a tutorial on how to restrict the upload file size in PHP. So you want to set a limit, or change the maximum upload file size in PHP?

To enforce or change the upload file size limit in PHP:

  1. We can set the upload_max_filesize and post_max_size directives in php.ini.
    • upload_max_filesize = 10M
    • post_max_size = 10M
  2. Do a programmatic check upon file upload.
    • $max = 1000000;
    • if ($_FILES["upload"]["size"] < $max) { move_uploaded_file($_FILES["upload"]["tmp_name"], DESTINATION); }

That covers the quick basics, but read on for more detailed examples!

 

 


DOWNLOAD & NOTES

Here is the download link to the example code, so you don’t have to copy-paste everything.

 

EXAMPLE CODE DOWNLOAD

Source code on GitHub Gist

Just click on “download zip” or do a git clone. I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

 


PHP UPLOAD FILE SIZE RESTRICTION

All right, let us now get into examples of how to restrict the upload file size in PHP.

 

PART 1) PHP.INI FILE SIZE RESTRICTION

php.ini
file_uploads=On
post_max_size=10M
upload_max_filesize=10M
max_file_uploads=20

If you are new to PHP, this is something to take extra note of. There are “hardcoded limits” set in php.ini itself.

  • file_uploads Allows file uploads.
  • post_max_size Maximum allowed POST size. Technically, this should be set equal to or greater than the allowed upload file size.
  • upload_max_filesize Self-explanatory, the maximum allowed upload file size.
  • max_file_uploads Maximum simultaneous file uploads.

Captain Obvious to the rescue, these will take precedence over PHP scripts. For example, the PHP script will throw an error instantly on a file upload if file_uploads=Off.

 

PART 2) HTML UPLOAD FORM

2-upload.html
<script src="3-upload.js"></script>
<form action="4-upload.php" method="post" enctype="multipart/form-data" onsubmit="return check()">
  <input type="file" id="up" name="up" required>
  <input type="submit" value="Upload">
</form>

Look no further, this is just a “regular file upload form”. But take note that we are using Javascript onsubmit="return check()" to do a check before submitting it to the PHP.

 

 

PART 3) JAVASCRIPT FILE SIZE CHECK

3-upload.js
function check () {
  // (A1) MAX FILE SIZE
  const max = 10000000;
 
  // (A2) CHECK FILE SIZE
  let f = document.getElementById("up").files[0];
  if (f.size <= max) {
    return true;
  } else {
    alert(`Max allowed file size is ${max} bytes.`);
    return false;
  }
}

Sadly, there is no such thing as <input type="file" maxsize="XYZ"> at the time of writing. But we can still get the file size in Javascript and do a check – Don’t allow the upload if it is over the allowed limit.

 

PART 4) PHP UPLOAD HANDLER

4-upload.php
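<?php
// (A) ERROR - NO FILE UPLOADED
if (!isset($_FILES["up"])) { exit("No file uploaded"); }

// (A2) ERROR - UPLOAD FAILED (E.G. FILE IS OVER upload_max_filesize IN PHP.INI)
if ($_FILES["up"]["error"] !== UPLOAD_ERR_OK) {
  exit("Upload error code " . $_FILES["up"]["error"]);
}

// (B) FILE SIZE
$max = 10000000; // 10 MB

// (C) SAVE FILE ONLY IF NOT LARGER THAN MAX ALLOWED
// basename() DROPS ANY DIRECTORY PART FROM THE CLIENT-SUPPLIED FILE NAME
if ($_FILES["up"]["size"] <= $max) {
  echo move_uploaded_file($_FILES["up"]["tmp_name"], basename($_FILES["up"]["name"]))
    ? "OK" : "ERROR" ;
} else { echo "Max allowed file size is $max bytes"; }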

Lastly, we do a file size check in PHP before saving the uploaded file. Some sharp code ninjas should have realized – Why are we doing checks in both Javascript and PHP?

  • Remember that Javascript is client-side and PHP is server-side.
    • Javascript does the file size check before the form is submitted.
    • PHP does the file size check after the form is submitted.
  • Why do we need both?
    • Javascript is “cosmetics” to show a “nice message” before submission. But it is unsafe – max can be easily changed by opening the developer’s console.
    • PHP is “security”. The hard coded PHP limits cannot be changed in the developer’s console.
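
A stricter version of the server-side check, added here as an example and not part of the original tutorial code. It also handles the two php.ini limits from Part 1, which reject an oversized upload before the script's own size comparison ever runs. The uploads directory, the .upload suffix and the function names ini_bytes and upload_problem are assumptions.

```php
<?php
// Added example, not the tutorial's own code. Field name "up" and the
// 10 MB limit match 4-upload.php; UPLOAD_DIR is an assumed location.
const MAX_BYTES  = 10000000;
const UPLOAD_DIR = __DIR__ . "/uploads"; // ideally outside the web root

// Convert a php.ini shorthand value such as "10M" to bytes.
function ini_bytes(string $v): int {
  $v = trim($v);
  $n = (int) $v;
  switch (strtoupper(substr($v, -1))) {
    case "G": $n *= 1024; // fall through
    case "M": $n *= 1024; // fall through
    case "K": $n *= 1024;
  }
  return $n;
}

// Returns null if the upload is acceptable, otherwise the reason for rejecting it.
function upload_problem(array $files, array $server, int $max, int $postMax): ?string {
  // Body over post_max_size: PHP drops it, leaving $_FILES and $_POST empty.
  $len = (int) ($server["CONTENT_LENGTH"] ?? 0);
  if ($postMax > 0 && $len > $postMax) { return "Request body exceeds post_max_size"; }
  if (!isset($files["up"]) || is_array($files["up"]["error"])) { return "Expected one uploaded file"; }
  $f = $files["up"];
  // File over upload_max_filesize: no temporary file is kept, only the error code says why.
  if ($f["error"] === UPLOAD_ERR_INI_SIZE || $f["error"] === UPLOAD_ERR_FORM_SIZE) {
    return "File exceeds the configured upload limit";
  }
  if ($f["error"] !== UPLOAD_ERR_OK) { return "Upload failed with error code " . $f["error"]; }
  // Measure the temporary file on disk rather than relying on the reported size.
  if (!is_uploaded_file($f["tmp_name"]) || filesize($f["tmp_name"]) > $max) {
    return "Max allowed file size is $max bytes";
  }
  return null;
}

$problem = upload_problem($_FILES, $_SERVER, MAX_BYTES, ini_bytes(ini_get("post_max_size")));
if ($problem !== null) {
  http_response_code(400);
  exit($problem);
}
// Save under a server-generated name, never the client-supplied one.
$dest = UPLOAD_DIR . "/" . bin2hex(random_bytes(16)) . ".upload";
echo move_uploaded_file($_FILES["up"]["tmp_name"], $dest) ? "OK" : "ERROR";
```

The uploads directory must already exist and be writable by the web server user; keep the original file name, if it is needed, as metadata rather than as the path on disk.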

 

 

EXTRAS

That’s all for the tutorial, and here is a small section on some extras and links that may be useful to you.

 

UPLOADING LARGE FILES?

If you are dealing with large uploads, raising the file size limit in php.ini is one lazy and easy way to do it. But that is not the best solution; you cannot keep raising the limits forever. There are better and more reliable ways to handle large uploads, check out my other tutorial on large uploads.


THE END

Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything about this guide, please feel free to comment below. Good luck and happy coding!
