I'm developing a script to grab small sized files (less than 1 MB) from user given a URLs and save them on my server.
My main concern is what if someone tried to upload large files like 1 GB files or even bigger? How do I control the file grabbing if it is a large file?
I tried some of the answers on the web but all of them process the whole file. For a 700 MB video file, it took couple of minutes, does that mean the process taking my server resources?
What if a hacker keep posting URLs to large files so those process will eat up my server resources and I will loose visitors.
Can someone advice me on this?
This should do the trick. No file bigger than 1 megabyte can be uploaded
if($_FILES['file']['size'] < 1048576) { // This is one megabyte (in bytes)
// the file is within size restriction, continue
} else {
// File is too large, return an error
}
Then you could use some javascript to test the file size before upload, but just remember you can't rely on it for security.
Ninja edit: Not a good answer for security purposes
you can check the file size in javascript so you don't need to send it to the server. You can find the full explanation here: JavaScript file upload size validation
You can set your upload file size here. Like this
<?php
ini_set('post_max_size', '20K'); // If you need it like 10 MB , Set is as 10M
ini_set('upload_max_filesize', '20K');