File upload principle
The client files uploaded to the server, then the server's temporary files uploaded to the specified directory
Client Configuration
submit Form
Send as a form of post
添加enctype="multipart/form-data"
Server-side configuration (recommended study: PHP Programming from entry to the master)
file_uploads = On, support HTTP uploads
uoload_tmp_dir =, temporary file directory
upload_max_filesize = 2M, the allowable maximum file upload
max_file_uploads = 20, to allow the maximum number of files to upload
post_max_size = 8M, post send the maximum data
max_execution_time = -1, sets the maximum execution time of the script before the parser is allowed to terminate, in seconds, to prevent the program is badly written and reap server resources. -1 for infinite
max_input_time = 60, script analyzing input data allows the maximum time in seconds
max_input_nesting_level = 64, input variables provided nesting depth
max_input_vars_ = 1000, the number of accepted input variable (limit applies separately $ _GET, $ _ POST and $ _COOKIE superglobals, will result in the E_WARNING, will cut more input variables from the request.
memory_limit = 128M, the largest independent memory usage single-threaded. That is, a web request, given the definition of the thread's largest memory usage
Error Messages Explained
UPLOAD_ERR_OK: its value is 0, no error occurred, the file uploaded successfully
UPLOAD_ERR_INI_SIZE: its value is 1, the uploaded file exceeds the upload_max_filesize in php.ini option to limit the value of
UPLOAD_ERR_FORM_SIZE: its value is 2, upload file size exceeds the value of the HTML form MAX_FILE_SIZE option specified
UPLOAD_ERR_PARTIAL: its value is 3, the file was only partially uploaded
UPLOAD_ERR_NO_FILE: its value is 4, No file was uploaded
UPLOAD_ERR_NO_TMP_DIR: its value is 6, Missing a temporary folder
UPLOAD_ERR_CANT_WRITE: its value is 7, the file writing failure
UPLOAD_ERR_EXTENSION: its value is 8, the uploaded file has been interrupted PHP extension
Client restrictions
By limiting the maximum value of the hidden form fields file upload file
1 |
|
Limit upload file type accept property
1 |
|
Limiting the client, users can upload the revised code on your pages, so no practical significance. Should be limited on the server side
Limit the size of file uploads
Limit upload file types
Detecting whether as a true picture type
Upload to detect whether HTTP POST mode