4

I know you can control the size of uploads in PHP using $_FILES['userfile']['size'] > XXX

My question I suppose is performance related.

When you upload a file, my understanding is the whole file gets uploaded to a temporary location, and then you have access to $_FILES

What happens if a user attempts to upload a 10gb file? (as an example of a very large file)

If a large file is attempted to be uploaded, does this waste server bandwidth as the file needs to be uploaded before it can be processed/validated?

I know PHP has like timeouts etc but I'm curious if there is a performance impact from users attempting to upload very large files, even if (for example) the max file size is 2mb.

Is this a concern or something unavoidable and just to not worry?

Thanks.

0

2 Answers

3

Both Apache and PHP have a max-post limitation to prevent such behavior.

From php.ini:

; Maximum allowed size for uploaded files.
upload_max_filesize = 4M
; Maximum size of POST data that PHP will accept.
post_max_size = 8M

4 Comments

Sorry perhaps I wasn't quite clear - am aware of how to prevent large files being uploaded, but was curious about any performance impacts associated with users uploading extremely large files
edit - are you saying that the above would stop the upload when those limits were reached, or would the upload carry on until it was completed/timeout regardless
These limitations will close the connection socket after the limit is reached.
From httpd.apache.org/docs/1.3/mod/core.html: This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.
0

Actually, the [size] isn't there for control, it's simply the size of the uploaded file. By the time your script gets fired up to check that, PHP (and the webserver) have already handled the upload and applied their own internal limits (Apache's LimitRequestBody, PHP's upload_max_size, etc...).

PHP will allow all uploads to proceed, if they've been enabled via the file_uploads INI setting. Since you can't really trust the client, the client-provided size will be ignored and the upload will proceed until it either completes or hits the upload limit. So, yes, it can waste your bandwidth.

If you allow uploads, then it can be abused. But, there's no real difference between someone uploading a 10gig file or someone doing a POST with 10gig of bogus data. Either way, you've got 10gig of data coming your way.

1 Comment

Thanks for confirming. I don't think it's a huge issue in real life situations but nice to know
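Since the server-level limits discussed above are applied before the script runs, the script can only find out afterwards which limit fired. The following is an added example, not code from the question or either answer: the function names, the `userfile` field, the 2 MB application limit and the sample requests are assumptions constructed for illustration.

```php
<?php
// Convert php.ini shorthand ("8M", "512K", "1G") to bytes.
function ini_bytes(string $v): int {
    $n = (int) trim($v);
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': $n *= 1024; // fall through
        case 'M': $n *= 1024; // fall through
        case 'K': $n *= 1024;
    }
    return $n;
}

// Hypothetical helper: report which limit, if any, stopped the upload.
function classify_upload(array $server, array $post, array $files,
                         string $field, int $appMax, int $postMax): string {
    $len = (int) ($server['CONTENT_LENGTH'] ?? 0);
    // Body larger than post_max_size: PHP leaves $_POST and $_FILES empty.
    if ($len > $postMax && !$post && !$files) {
        return 'rejected: body exceeds post_max_size';
    }
    if (!isset($files[$field]) || is_array($files[$field]['error'])) {
        return 'rejected: missing or malformed file field';
    }
    switch ($files[$field]['error']) {
        case UPLOAD_ERR_OK:       break;
        case UPLOAD_ERR_INI_SIZE: return 'rejected: file exceeds upload_max_filesize';
        case UPLOAD_ERR_PARTIAL:  return 'rejected: upload was cut short';
        case UPLOAD_ERR_NO_FILE:  return 'rejected: no file sent';
        default:                  return 'rejected: upload error';
    }
    // Application limit, checked against the size PHP recorded for the file.
    if ($files[$field]['size'] > $appMax) {
        return 'rejected: file exceeds application limit';
    }
    // A real handler would now call is_uploaded_file()/move_uploaded_file().
    return 'accepted';
}

// Constructed sample requests (in a live script: $_SERVER, $_POST, $_FILES).
$postMax = ini_bytes('8M');          // in a live script: ini_get('post_max_size')
$appMax  = 2 * 1024 * 1024;          // assumed application limit of 2 MB
$file = fn(int $err, int $size) => ['userfile' => ['error' => $err, 'size' => $size]];
$samples = [
    'oversized body'  => [['CONTENT_LENGTH' => '10737418240'], [], []],
    'over ini limit'  => [['CONTENT_LENGTH' => '5242880'], [], $file(UPLOAD_ERR_INI_SIZE, 0)],
    'over app limit'  => [['CONTENT_LENGTH' => '3145900'], [], $file(UPLOAD_ERR_OK, 3145728)],
    'within limits'   => [['CONTENT_LENGTH' => '1048700'], [], $file(UPLOAD_ERR_OK, 1048576)],
];
foreach ($samples as $name => [$server, $post, $files]) {
    echo $name, ': ', classify_upload($server, $post, $files, 'userfile', $appMax, $postMax), "\n";
}
```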
