Skip to content
Advertisement

php file size validation

I would like to create in php file size validation for every single file. I used for loop to add attachments, and then created condition to check file, but it’s not working. There’s no error, but it send mail with oversized attachment, instead of stop. Without the size validation part, it sends mail without any problems.

For sending I used php mailer.

   <?php
//Import PHPMailer classes into the global namespace
//These must be at the top of your script, not inside a function
use PHPMailerPHPMailerPHPMailer;
use PHPMailerPHPMailerSMTP;
use PHPMailerPHPMailerException;

//Load Composer's autoloader
require 'autoload.php';

//Create an instance; passing `true` enables exceptions
$mail = new PHPMailer(true);
$honeypot = $_POST['honey'];
$user_name = $_POST['name'];
$user_email = $_POST['email'];
$user_message = $_POST['message'];
$user_phone = $_POST['phone'];
$honeypot = trim($_POST["honey"]);
$max_size = 2 * 1024 * 1204; //2mb
$attachment = $_FILES['uploaded-file'];

if ($_SERVER["REQUEST_METHOD"] == "POST") {


    if(!empty($honeypot)) {
        echo "NO SPAM!"; 
        exit;
      }    else {

        $mail = new PHPMailer; //From email address and name 
        $mail->isMail(); 
        $mail->From = $user_email;
        $mail->addAddress("jaroslaw.mor@gmail.com");
        $mail->isHTML(true); 
        $mail->Subject = "Zapytanie ze strony www"; 
        $mail->Body = "Telefon:$user_phone<br><br>Treść wiadomośći:<br>$user_message";
        $mail->AltBody = "Telefon:$user_phonen$content"; 
        
        
        if(isset($attachment)) {

            for ($i = 0; $i < count($_FILES['uploaded-file']['name']); $i++) {
                if ($_FILES['uploaded-file']['error'] !== UPLOAD_ERR_OK) continue;
                $file_TmpName = $_FILES['uploaded-file']["tmp_name"][$i]; 
                $file_name = $_FILES['uploaded-file']["name"][$i];  

                if($_FILES['uploaded-file']["name"][$i];  > $max_size) {
                    echo "file is too big";
                    die();
}
                 
                else{
                 move_uploaded_file($fileTmpName,  "uploads/" . $filename);
                 $mail-> AddAttachment("uploads/". $filename);
                                                                }      
            }//for
        }//isset

        if(!$mail->send()) {
            echo "Mailer Error: " . $mail->ErrorInfo;
           exit();
      } 
      
              else {
              header("Location: sent.html");
                             
                 exit();

      }//if send else

}//honey else end

}//post end

I have rebuilt my code a bit, and also complied with comments/clues.

But there’s still the same problem.

Advertisement

Answer

This is a copy paste error

$_FILES['uploaded-file']["name"]['size'][$i]

According to the PHP documentation, size is under $_FILES['uploaded-file'] and not $_FILES['uploaded-file']['name']. See @yuxufabio’s comment.

And the if (isset($attachments)) check is a bit weird. It’ll always return an array (meaning true) even if it’s empty. What you probably mean is if the form variable itself is set or not

if (isset($_FILES['uploaded-file'])) {
for ($i = 0; $i < count($_FILES['uploaded-file']['name']); $i++) { 

Lastly, you should be checking if there’s an error, as the upload is not garuanteed to work at the fault of the client, such as an empty file or a network error

if ($_FILES['uploaded-file']['error'][$i] !== UPLOAD_ERR_OK) continue;
...
if ($_FILES['uploaded-file']['size'][$i] > $maxsize) {
...
User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement