Can someone tell me what's wrong with the MAX_FILE_SIZE input line? Thanks. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>post07</title> </head> <body> <table> <form action="new_post07.php" method="post" enctype="multipart/form-data"> <td>image:</td> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" /> <td><input type="file" name="image"/></td> </tr> <td colspan="2"> <input type="submit" value="register" name="post" width="99" height="39"/> </td> </tr> </form> </table> </body> </html> HTML:
I tried defining it at the top just before the DOCTYPE, but it did not work. Maybe I should try it again. I was hoping I could define it on the php page this form calls to. <?php>define ('MAX_FILE_SIZE', 300000);?> PHP: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>post07</title> </head> <body> <table> <form action="new_post07.php" method="post" enctype="multipart/form-data"> <td>image:</td> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" /> <td><input type="file" name="image"/></td> </tr> <td colspan="2"> <input type="submit" value="register" name="post" width="99" height="39"/> </td> </tr> </form> </table> </body> </html> HTML:
I wouldn't know what to look for, it looks no different than it does in my editor. Here is the page error. XML Parsing Error: not well-formed Location: http://localhost/clphp03/post07.xhtml Line Number 30, Column 54: <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" /> ------------------------------------------------------------------------------^
My point is, from your error message I gather that you are using PHP inside a .html file. Try renaming the file to have a .php extension.
Your suggestion worked. The error message went away. I can't get the code to limit the file size. I set the file size to 200 bytes. My file is 283kb. It copies and moves it anyway like it doesn't recognize the file size. Anyone have an idea? Thanks for your help. <?phpdefine ('MAX_FILE_SIZE', 200);?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>post07</title> </head> <body> <table> <form action="new_post07.php" method="post" enctype="multipart/form-data"> <tr> <td>image:</td> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" /> <td><input type="file" name="image"/></td> </tr> <tr> <td colspan="2"> <input type="submit" value="register" name="post" width="99" height="39"/> </td> </tr> </form> </table> </body> </html> HTML:
Check the file size on the server side, it is the right way. To check the file size you can by using php function filesize like this: if(filesize($_FILES["image"]["tmp_name"])<200){ // your code } Code (markup):
Thanks for the response. I am not sure what you mean. When I check the settings using phpinfo.php, upload_max_filesize reads 2M. I am using php code to limit the size to just 200 bytes. My image file is 283 kb. This code should stop the file transfer. <?phpdefine ('MAX_FILE_SIZE', 200);?> Are you saying I should do this? <?php if(filesize($_FILES["image"]["tmp_name"])<200){ define ('MAX_FILE_SIZE', 200); } ?>
HTML is browser side, thus it has zero reliability. MAX_FILE_SIZE just tells the browser how big it should force the user to make the file. The browser can chose to disregard MAX_FILE_SIZE if it wants to. That's why you have to use that if statement he provided when you are processing the upload. That will prevent a user from uploading a larger file regardless.
Thanks for pointing that out. I realize a person can get around this code if they want to and my next goal was to make the code more secure. When you say The browser can choose to disregard MAX_FILE_SIZE if it wants to. Are you saying a person using a browser can, or the browser automatically disregards MAX_FILE_SIZE? Because right now I am the only person using my browser to test the code and I expect the code thus far to be enough to stop a large file size transfer. <?phpdefine ('MAX_FILE_SIZE', 200);?> value="<?php echo MAX_FILE_SIZE; ?>"
I got the (define ('MAX_FILE_SIZE', 200) code to work. I don't know how I did it. I removed the <td> and </td> tags from the bottom <input line to match the top <input line. That had no effect, so I put them back and tried it and to my surprise the MAX_FILE_SIZE is now limiting the file size like it's supposed too. <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" /> <td><input type="file" name="image"/></td> Thank you guys for trying to help me trouble shoot this. I will now move on to the if statement as suggested by s_ruben and Cozmic.