So when uploading files in PHP I'm currently checking for errors in upload size against the php.ini file:
switch ($_FILES['file']['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_NO_FILE:
throw new RuntimeException('No file sent.');
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
throw new RuntimeException('Exceeded filesize limit.');
default:
throw new RuntimeException('Unknown errors.');
}
And then checking them manually:
$max_size = "10490000";
if ($_FILES['file']['size'] > $max_size) {
throw new RuntimeException('Exceeded filesize limit.');
}
Is this second step necessary? Or is it sufficient just to check the errors.
Alternatively, if it is necessary, can I safely do something like this for the second check:
$max_size = (int)(ini_get('upload_max_filesize'));
(1) The second step is not necessary but you have to separate the UPLOAD_ERR_INI_SIZE case from UPLOAD_ERR_FORM_SIZE case because they have different meanings as the manual says http://php.net/manual/en/features.file-upload.errors.php
(2) the value of the entry upload_max_filesize at php.ini file is written using this notation:
XY: where X is an integer and Y is the unit, Y can be G(giga bytes), M (mega bytes)...etc, read the manual for more clarification http://php.net/manual/en/faq.using.php#faq.using.shorthandbytes, so using (int)(ini_get('upload_max_filesize')); will not be safe all times and requires extra handling