<h1>File size</h1>
<h2>Global limit</h2>
<p>You can limit the file size globally in <code>php.ini</code>:</p>
<pre><code>upload_max_filesize = 10M
</code></pre>
<h2>Local limit</h2>
<p>Alternatively, you can enforce a limit in the script itself:</p>
<pre><code>define('IMG_MAX_SIZE', 10485760); // 10 MB

if ($_FILES['file']['size'] &gt; IMG_MAX_SIZE) {
    // display error message then exit
}

// save image
</code></pre>
<h1>File type</h1>
<h2>It's not a good idea to check the extension</h2>
<p>You could check the extension, but it does not prove that the file really is of the type it indicates. It can be a video renamed to <code>.png</code>.</p>
<h2>Check the MIME type reported by the client</h2>
<p>As a first check, compare the MIME type the client has reported against a list of allowed types:</p>
<pre><code>$allowed_types = array('image/png', 'image/jpeg', 'image/gif');

if (!in_array($_FILES['file']['type'], $allowed_types)) {
    // display error message (invalid file type) then exit
}
</code></pre>
<h2>Determine the real MIME type after saving</h2>
<p>If you want to be really sure that the file is of the correct type (the client can report whatever type it wants, so malicious users can trick your script), check it after saving the file with Fileinfo:</p>
<p><a href="http://php.net/manual/en/function.finfo-file.php" rel="nofollow">http://php.net/manual/en/function.finfo-file.php</a></p>
<pre><code>// $filename is the path the upload was saved to
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $filename); // type detected from the file content
finfo_close($finfo);

// compare the detected type, not the client-reported $_FILES['file']['type']
if (!in_array($mime_type, $allowed_types)) {
    // display error message (invalid file type) then exit
}
</code></pre>
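<p>The checks above combined into one handler, as an added example that is not part of the original text. It goes slightly beyond it: it also checks PHP's upload error code, runs Fileinfo on the temporary file before moving it rather than after saving, and stores the file under a server-generated name. The function names, the extension map and the <code>uploads</code> directory are assumptions.</p>

```php
<?php
const IMG_MAX_SIZE = 10485760; // 10 MB, same limit as above

// Accepted MIME types mapped to the extension they are stored under (assumed policy).
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/** Validate one entry of $_FILES and return the MIME type detected from its content. */
function validate_image_upload(array $file): string
{
    // PHP reports php.ini limit violations and partial uploads through 'error'.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or exceeded the php.ini limit');
    }
    // Measure the file on disk instead of trusting the reported size.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > IMG_MAX_SIZE) {
        throw new RuntimeException('File is empty or larger than IMG_MAX_SIZE');
    }
    // $file['type'] is client-supplied; Fileinfo inspects the actual bytes.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('Invalid file type');
    }
    return $mime;
}

/** Move a validated upload into $dir under a random name; returns the new path. */
function store_image_upload(array $file, string $dir): string
{
    $mime = validate_image_upload($file);
    // The client's file name and extension are never reused.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $target = rtrim($dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $target;
}

// Usage with the form field name used on this page; the directory is hypothetical.
if (isset($_FILES['file'])) {
    try {
        store_image_upload($_FILES['file'], __DIR__ . '/uploads');
        echo 'stored';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```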
 
