Home/ Questions/Q 5987105
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T22:46:02+00:00

How should I go about handling http uploads that exceeds the post_max_size in a

  • 0

How should I go about handling http uploads that exceeds the post_max_size in a sane manner?

In my configuration post_max_size is a few MB larger than upload_max_filesize
The problems I’m having are:
If a user uploads a file exceeding post_max_size

  • The _POST array is empty
  • The _FILES array is empty, and of course any error codes therein are not present.
  • No other info what kind of form post it is is accessible through theses means.

Part of the problem is that the receiving script takes different actions depending on the contents of the POST.

I do have access to the _SERVER variables and can get clues as to what happened, i.e. CONTENT_TYPE, CONTENT_LENGTH and REQUEST_METHOD. It does however seem very problematic to make guesses based on those contents.

MEMORY_LIMIT (set to 10 times the relevant sizes) and Apaches LimitRequestBody (set to unlimited) are found to not be at fault.

As it stands now I have a hard time even providing any meaningful messages to the user.

Is there any way to retain some form data to get better clues as to what has gone wrong? I’m very reluctant to move away from php.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    For a simple fix that would require no server side changes, I would use the HTML5 File API to check the size of the file before uploading. If it exceeds the known limit, then cancel the upload. I believe something like this would work:

    function on_submit()
{
  if (document.getElementById("upload").files[0].size > 666)
  {
    alert("File is too big.");
    return false;
  }

  return true;
}

<form onsubmit="return on_submit()">
<input id="upload" type="file" />
</form>

    Obviously it’s just a skeleton of an example, and not every browser supports this. But it wouldn’t hurt to use this, as it could be implemented in such a way that it gracefully degrades into nothing for older browsers.

    Of course this doesn’t solve the issue, but it will at least keep a number of your users happy with minimal effort required. (And they won’t even have to wait for the upload to fail.)

    As an aside, checking $_SERVER['CONTENT_LENGTH'] vs the size of the post and file data might help detect if something failed. I think it when there is an error it will be non zero, while the $_POST and $_FILES would both be empty.

    • 0