How to Limit File Size in PHP Upload: Simple Guide
To limit file size in PHP uploads, set the
upload_max_filesize and post_max_size directives in php.ini, and also check the file size in your PHP script using $_FILES['file']['size'] before processing the upload.Syntax
To limit file size in PHP uploads, you use two main parts:
- php.ini settings:
upload_max_filesizesets the max size for uploaded files, andpost_max_sizesets the max size for all POST data. - PHP script check: Use
$_FILES['file']['size']to check the uploaded file size and reject files that are too big.
php
; php.ini settings upload_max_filesize = 2M post_max_size = 8M // PHP script check if ($_FILES['file']['size'] > 2 * 1024 * 1024) { echo "File is too large."; exit; }
Example
This example shows how to limit an uploaded file to 1 megabyte (1MB) in PHP. It checks the file size and gives a message if the file is too big.
php
<?php if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_FILES['upload'])) { $maxFileSize = 1 * 1024 * 1024; // 1MB in bytes if ($_FILES['upload']['error'] === UPLOAD_ERR_OK) { if ($_FILES['upload']['size'] <= $maxFileSize) { echo "File uploaded successfully. Size: " . $_FILES['upload']['size'] . " bytes."; // Here you can move the file to a safe location } else { echo "Error: File size exceeds 1MB limit."; } } else { echo "Error: File upload error code " . $_FILES['upload']['error']; } } else { echo "No file uploaded."; } } else { echo "Please upload a file."; } ?> <form method="post" enctype="multipart/form-data"> <input type="file" name="upload" required> <button type="submit">Upload</button> </form>
Output
Please upload a file.
Common Pitfalls
Common mistakes when limiting file size in PHP uploads include:
- Not setting
post_max_sizeandupload_max_filesizeinphp.ini, which can silently block large uploads. - Only checking file size in PHP code but ignoring server limits, causing uploads to fail before your script runs.
- Not handling upload errors properly, missing cases like partial uploads or no file sent.
- Using client-side checks only, which can be bypassed easily.
php
<?php // Wrong: No size check if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { echo "File uploaded without size check."; } // Right: Check size and error $maxSize = 2 * 1024 * 1024; // 2MB if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { if ($_FILES['file']['size'] <= $maxSize) { echo "File accepted."; } else { echo "File too large."; } } else { echo "Upload error."; }
Quick Reference
Summary tips to limit file size in PHP uploads:
- Set
upload_max_filesizeandpost_max_sizeinphp.inito your desired limits. - Check
$_FILES['file']['size']in your PHP script before processing. - Handle upload errors using
$_FILES['file']['error']. - Use client-side checks for better user experience but never rely on them alone.
Key Takeaways
Always set
upload_max_filesize and post_max_size in php.ini to control max upload size.Check the uploaded file size in PHP using
$_FILES['file']['size'] to enforce limits.Handle all upload errors by checking
$_FILES['file']['error'] to avoid silent failures.Client-side size checks improve UX but never replace server-side validation.
Remember
post_max_size must be larger than or equal to upload_max_filesize.