일반적인 문제

MAX_FILE_SIZE는 ini 설정 upload_max_filesize보다 큰 파일 크기를 지정할 수 없습니다. 기본값은 2 메가바이트입니다.

메모리 제한을 활성화하면, 큰 값의 memory_limit가 필요합니다. memory_limit를 충분히 크게 설정했는지 확인하십시오.

max_execution_time을 너무 작게 설정하면, 스크립트 실행 시간이 이 값을 초과합니다. max_execution_time을 충분히 크게 설정했는지 확인하십시오.

Note: max_execution_time은 스크립트 자신의 실행 시간에만 영향을 미칩니다. system(), sleep() 함수 등의 시스템 호출, 데이터베이스 쿼리, 파일 업로드 과정에 걸리는 시간 등 스크립트 외부 실행에 소모하는 시간은 스크립트 최대 실행 시간을 측정할 때 포함하지 않습니다.

Warning

max_input_time은 스크립트가 입력을 받아들이는 최대 시간을 초 단위로 지정합니다; 이는 파일 업로드를 포함합니다. 커다란 파일이나 여러 개의 파일을 전송하거나, 사용자가 느린 회선을 사용한다면 기본값인 60초를 초과할 수 있습니다.

post_max_size을 너무 작게 설정하면, 큰 파일은 업로드할 수 없습니다. post_max_size을 충분히 크게 설정했는지 확인해보십시오.

파일에 대한 검증을 하지 않으면, 사용자가 다른 디렉토리의 중요한 정보에 접근할 수 있습니다.

CERN httpd는 클라이언트에서 보내지는 content-type 마임 헤더 첫번째 공백을 제거합니다. 이 문제로 인해서, CERN httpd는 파일 업로드 기능을 지원하지 않습니다.

많은 양의 디렉토리 목록 형식으로 인해, 확장 형식의 이름(공백을 포함하는 등의)을 가지는 파일을 정상적으로 다룰 수 있는 보장은 없습니다.

하나의 폼 변수에 (입력 이름으로 foo[] 등을 사용하여) 보통의 입력 필드와 파일 업로드 필드를 섞어서는 안됩니다.

add a note add a note

User Contributed Notes 12 notes

up
15
amalcon _a_t_ eudoramail _d_o_t_ com
20 years ago
Note that, when you want to upload VERY large files (or you want to set the limiters VERY high for test purposes), all of the upload file size limiters are stored in signed 32-bit ints.  This means that setting a limit higher than about 2.1 GB will result in PHP seeing a large negative number.  I have not found any way around this.
up
7
Nirmal Natarajan
15 years ago
If using IIS 7.0 or above, the Request Filtering is enabled by default and the max allowed content length is set to 30 MB.

One must change this value if they want to allow file uploads of more than 30 MB.

Sample web.config entry:

<configuration>
    </system.webServer>
        <security>
            <requestFiltering>
                <requestLimits maxAllowedContentLength="314572800"/>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>

The above setting will allow 300 MB of data to be sent as a request. Hope this helps someone.
up
3
adrien.nizon+phpnet at gmail dot com
8 years ago
[Editor's note: to be more precise, MAX_FILE_SIZE can't exceed PHP_INT_MAX before PHP 7.1.]

Please note that the field MAX_FILE_SIZE cannot exceed 2147483647. Any greater value will lead to an upload error that will be displayed at the end of the upload

This is explained by the related C code :
if (!strcasecmp(param, "MAX_FILE_SIZE")) {
    max_file_size = atol(value);
}

The string is converted into a long int, which max value is... 2147483647

Seems to be corrected since php-7.1.0beta3 (https://github.com/php/php-src/commit/cb4c195f0b85ca5d91fee1ebe90105b8bb68356c)
up
4
admin at creationfarm dot com
21 years ago
The macintosh OS (not sure about OSx) uses a dual forked file system, unlike the rest of the world ;-). Every macintosh file has a data fork and a resource fork. When a dual forked file hits a single forked file system, something has to go, and it is the resource fork. This was recognized as a problem (bad idea to begin with) and apple started recomending that developers avoid sticking vital file info in the resource fork portion of a file, but some files are still very sensitive to this. The main ones to watch out for are macintosh font files and executables, once the resource fork is gone from a mac font or an executable it is useless. To protect the files they should be stuffed or zipped prior to upload to protect the resource fork.

Most mac ftp clients (like fetch) allow files to be uploaded in Macbinhex, which will also protect the resource fork when transfering files via ftp. I have not seen this equivilent in any mac browser (but I haven't done too much digging either).

FYI, apple does have an old utility called ResEdit that lets you manipulate the resource fork portion of a file.
up
1
dg at artegic dot de
15 years ago
In case of non-deterministic occurence of the UPLOAD_ERR_PARTIAL error:  The HTTPD (e.g. Apache) should respond with a 'Accept-Ranges: none' header field.
up
1
morganaj at coleggwent dot ac dot uk
21 years ago
Here is another that may make your upload fall over.  If you are using Squid or similar proxy server make sure that this is not limiting the size of the HTTP headers. This took me weeks to figure out!
up
1
anders jenbo pc dk
17 years ago
A responce to admin at creationfarm dot com, Mac OS X and Windows running on a NTFS disk also uses a multi stream file system. Still only the data stream in transfared on http upload. It is preferable to pack Mac OS X files in .dmg files rathere then zip but the avarage user will find zip much easir and they are supported on more platforms.
up
1
bohwaz
2 years ago
Please be advised that setting a large post_max_size or upload_max_filesize for a complete server or a complete virtual host is not a good idea as it may lead to increased security risks.

The risk is that an attacker may send very large POST requests and overloading your server memory and CPU as it has to parse and process those requests before handling them to your PHP script.

So it's best to limit changing this setting to some files or directories. For example if I want to /admin/files/ and /admin/images/ I can use:

<If "%{REQUEST_URI} =~ m!^/admin/(files|images)/! && -n %{HTTP_COOKIE}">
    php_value post_max_size 256M
    php_value upload_max_filesize 256M
</If>

I also require the request to have a cookie to avoid basic attacks. This will not protect you against attacks coming from non-authenticated users, but may delay any attack.

This setting can be used in Apache server configuration files, and .htaccess files as well.
up
0
tjaart at siam-data-services dot com
19 years ago
Took me a while to figure this one out...

I think this is actually a header problem, but it only
happens when doing a file upload.

If you attept a header("location:http://...) redirect after
processing a $_POST[''] from a form doing a file upload
(i.e. having enctype="multipart/form-data"), the redirect
doesn't work in IE if you don't have a space between
location: & http, i.e.
header("location:http://...)  vs
header("location: http://...)

===================================
<?php
if ($_POST['submit']=='Upload') {
   
// Process File and the redirect...
   
header("location: http://"..."/somewhere.php");
    exit;
}
?>
<html><head></head><body>
<form enctype="multipart/form-data" action="upload.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="20000">
    Your file: <input name="filename" type="file">
    <input name="submit" type="submit" value="Upload">
</form>
</body></html>
===================================

This only happens if all of the following are true:
header("location:http://...) with no space
Form being processed has enctype="multipart/form-data"
Browser=IE

To fix the problem, simply add the space.

Hope this helps someone else.
up
0
tomcashman at unitekgroup dot com
21 years ago
For apache, also check the LimitRequestBody directive.
If you're running a Red Hat install, this might be set in /etc/httpd/conf.d/php.conf.
By default, mine was set to 512 KB.
up
-1
oliver dot schmidt at drehsinn dot de
18 years ago
If you want to use open_basedir for securing your server (which is highly recommended!!!) remember to add your tmp dir to the open_basedir value in php.ini.

Example: open_basedir = <your htdocs root, etc...>:/tmp

(Tested on gentoo Linux, Apache 2.2, PHP 5.1.6)
up
-6
sebastian at drozdz dot ch
21 years ago
It's important that the variable 'open_basedir' in php.ini isn't  set to a directory that doesn't not includes tempupload directory
To Top