0

Okay, so I set up an upload engine for a website so that an authenticated user can upload a audio file (a key) for a song in the library, but I come across this strange problem when I try to upload any file over 5MB.

I set my php.ini max filesize to 50MB by the way

Everything uploads properly, but there is no data associated with the file on the other end.

HTML CODE:

<form action="keyUpload.php?id=<?php echo $id;?>" method="post" enctype="multipart/form-data">
<p style="color:#fff;font-size:30px;font-family:Times">
Add a new Key:<br/><input name="uploaded" type="file" id="file"><br />
<input type="text" name="kname" id="kname" value placeholder="Key Name (Ex. Demo, A#, etc.)" style="width:300px;"><br/>
<button class="button">Upload File</button><br/>
<span style="font-size:12px;">*Max Filesize is 50 MB*</span>
</p>
</form>

PHP CODE:

<?php 
$id=$_GET["id"];
$name=$_POST["kname"];

$name = str_replace(" ","%20",$name);

$allowed_filetypes = array('.mp3','.m4a','.wav','.wma');

$filename = $_FILES['uploaded']['name'];
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

Both $filename and $ext are empty variables when I upload a file larger than 5 MB. In all other cases, this engine works perfectly.

When echoed, simply nothing happens, so obviously the engine will not save the file if it doesn't exist. What's going on?

var_dump:

array(0) { }

Thanks for all your help!

Improve this question

2 Answers 2

Reset to default
3

Check for upload errors:

if ($_FILES['uploaded']['error'] !== UPLOAD_ERR_OK) {
   die("Upload failed with error code " . $_FILES['uploaded']['error']);
}

The error codes are defined here: http://www.php.net/manual/en/features.file-upload.errors.php

As well, do NOT use filenames to validate the uploads. It is beyond trivial for a malicious user to fake a filename and upload malicious files, eg.

ren nastyvirus.exe good_tune.mp3

And don't use string operations on filenames. There's a whole whack of PHP functions for filename manipulation, e.g. http://php.net/basename

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

All I got from doing that was "Upload failed with error code " and nothing else. Also, I know all of the people that will be using this personally, so there is no need to be worried about malicious use. ;)
Interesting, should've output at least a number. What does a var_dump($_FILES) show? paste that as code above, since comments are a bad place to put formatted dumps
var dump just returned what I added above.
ok. so there's no file upload occuring at all. No idea, but that's the problem. If there was an upload that failed, you'd get at least SOME data in $_FILEs.
I found it. Turns out when I changed the max filesize in the ini, I overlooked the max post-size, defaulted to 5M! Thanks for your help! +1
0

Set max_post_size in php.ini as well.

Improve this answer

2 Comments

Don't you mean post_max_size?
One should also not forget upload_max_filesize too. http://php.net/upload-max-filesize

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.