PHP:UPLOAD_ERR_INI_SIZE 有什么意义?

2021-12-24 00:00:00 file-upload error-handling php

PHP 手册中有一个部分叫做处理文件上传.该部分有一个名为错误消息说明的小节.该小节描述了一个名为UPLOAD_ERR_INI_SIZE"的错误:

值:1;上传的文件超过了 upload_max_filesize 指令在 php.ini 中.

但是,根据我的经验,不可能使用 UPLOAD_ERR_INI_SIZE 检查这个特定错误,因为如果用户确实上传了超过 php.ini 中的 upload_max_filesize 指令的文件,则 $_FILES 超全局变量是空的.想亲自测试一下吗?将其另存为upload_test.php",然后尝试上传低于限制的文件,然后上传超过限制的文件:

<!DOCTYPE html><html lang="zh-cn"><头><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>PHP 上传测试</title><身体><h1>上传文件(最大文件大小:<?php echo $max_filesize_in_mib; ?> MiB)</h1><form action="upload_test.php?submitted=true" enctype="multipart/form-data" method="post"><input type="file" name="upload_test"><input type="hidden" name="random_field" value="您应该在 $_POST 超全局变量中看到这个字段."><输入类型=提交"值=上传"></表单>

所以我的问题是:如果您永远无法检查 UPLOAD_ERR_INI_SIZE 有什么意义?

解决方案

UPLOAD_ERR_INI_SIZE 值:1;上传的文件超过了 php.ini 中的 upload_max_filesize 指令.

当您的 POST_MAX_SIZE 大于 UPLOAD_MAX_FILESIZE 时,这是有道理的.

我在 POST_MAX_SIZE128MB 的环境中尝试过,然后我将 UPLOAD_MAX_FILESIZE 设置为 1MB

这是我得到的(正如预期的那样):

<前>$_POST 的内容:大批([random_field] => 您应该在 $_POST 超全局变量中看到此字段.)$_FILES 的内容:大批([upload_test] => 数组([名称] => Scan.tiff[类型] =>[tmp_name] =>[错误] => 1[尺寸] => 0))

虽然我们没有得到文件的大小,但我们知道它超过了upload_max_filesize.

The PHP manual has a section called Handling file uploads. That section has a subsection called Error Messages Explained. That subsection describes an error called "UPLOAD_ERR_INI_SIZE":

Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini.

However, in my experience, it's impossible to ever check for this particular error using UPLOAD_ERR_INI_SIZE because if a user ever does upload a file that exceeds the upload_max_filesize directive in php.ini, the $_FILES superglobal is empty. Want to test it for yourself? Save this as "upload_test.php" and then try to upload a file that's under the limit and then a file that's over the limit:

<?php

    if (isset($_GET['submitted']) && $_GET['submitted'] === 'true')
    {
        echo 'Contents of $_POST:<hr><pre>';
        print_r($_POST);
        echo '</pre><hr>Contents of $_FILES:<hr><pre>';
        print_r($_FILES);
        echo '</pre><hr>';
        exit;
    }

    $max_filesize_in_mib = min((int)(ini_get('upload_max_filesize')), (int)(ini_get('post_max_size')), (int)(ini_get('memory_limit')));

?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <title>PHP Upload Test</title>
    </head>
    <body>
        <h1>Upload a File (Maximum File Size: <?php echo $max_filesize_in_mib; ?> MiB)</h1>
        <form action="upload_test.php?submitted=true" enctype="multipart/form-data" method="post">
            <input type="file" name="upload_test">
            <input type="hidden" name="random_field" value="You should see this field in the $_POST superglobal.">
            <input type="submit" value="Upload">
        </form>
    </body>
</html>

So my question is this: what's the point of UPLOAD_ERR_INI_SIZE if you can never check for it?

解决方案

UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini.

This make sense when your POST_MAX_SIZE is bigger than UPLOAD_MAX_FILESIZE.

I tried in an environment where POST_MAX_SIZE is 128MB, then i set UPLOAD_MAX_FILESIZE to 1MB

Here's what i got (as expected):

Contents of $_POST:
Array
(
    [random_field] => You should see this field in the $_POST superglobal.
)

Contents of $_FILES:
Array
(
    [upload_test] => Array
        (
            [name] => Scan.tiff
            [type] => 
            [tmp_name] => 
            [error] => 1
            [size] => 0
        )
)

Although we don't get the size of the file, we do know that it's exceeding the upload_max_filesize.

相关文章