I have an HTML form which deals with uploading files.
I use the PHP variables $_FILES (name, type, error, size, tmp_name) to store the values in my database and also validate the uploaded file.
I do most validations fine by checking mime types and what not. However, when it comes to checking the size of the document, after research I have heard that the user can easily modify the content of $_FILES["size"] and make a fake value inside there.
This is a problem for my website as I am planning on restricting certain users to 20MB upload and higher ranked members to uploading a max of 100MB, and so on... So of course it is problematic if a regular user tricks the code into saying the size is lower than 20MB, whereas the file could actually be over 20MB.
So the question is, how do I tackle this situation and check the file size properly?
Note, I cannot use getimagesize() since the files being uploaded are not images.
It's normal; everyone can change request headers.
The user could also change $_FILES[*]['type'], so you have to be careful about it.
You have to use the filesize() PHP function: http://php.net/manual/en/function.filesize.php
<?php
echo filesize($_FILES['myFile']['tmp_name']);
?>
Hope this helps you.
Try using the PHP filesize function, for instance:
<?php
$filename = $_FILES['File']['tmp_name'];
echo $filename . ': ' . filesize($filename) . ' bytes';
?>
Read the documentation for filesize in the PHP manual.
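A fuller version of the filesize() check suggested in the answers, applied to the per-rank limits from the question. This is an added example, not code from either answer; the field name `myFile` follows the first answer, while the role names, `ROLE_LIMITS` and `checkUploadSize()` are hypothetical.

```php
<?php
// Added example. Role names and limits below are assumptions taken from the question's tiers.
const MB = 1024 * 1024;
const ROLE_LIMITS = ['regular' => 20 * MB, 'premium' => 100 * MB];

/**
 * Returns null when the upload is acceptable, otherwise a rejection reason.
 * The size is measured from the temp file on disk, not read from the request.
 */
function checkUploadSize(array $file, string $role): ?string
{
    if (!array_key_exists($role, ROLE_LIMITS)) {
        return 'unknown role';
    }
    // A field posted as an array (myFile[]) makes 'error' an array; reject it here.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        return 'malformed upload';
    }
    // PHP sets these when upload_max_filesize or the form's MAX_FILE_SIZE is exceeded.
    if ($file['error'] === UPLOAD_ERR_INI_SIZE || $file['error'] === UPLOAD_ERR_FORM_SIZE) {
        return 'file exceeds the server-wide limit';
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed with error code ' . $file['error'];
    }
    // Only stat a temp file that PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    clearstatcache(true, $file['tmp_name']);
    $bytes = filesize($file['tmp_name']);
    if ($bytes === false) {
        return 'cannot read file size';
    }
    if ($bytes > ROLE_LIMITS[$role]) {
        return sprintf('%d bytes exceeds the %d byte limit for role %s', $bytes, ROLE_LIMITS[$role], $role);
    }
    return null;
}

if (isset($_FILES['myFile'])) {
    $role = 'regular'; // assumption: the real value comes from the server-side session, never from the form
    $reason = checkUploadSize($_FILES['myFile'], $role);
    if ($reason !== null) {
        http_response_code(413); // Payload Too Large
        exit($reason);
    }
    echo 'accepted';
}
```

For the 100MB tier to be reachable, `upload_max_filesize` and `post_max_size` in php.ini must be at least that large; the per-role check then narrows the limit for lower ranks.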