Common Pitfalls
The MAX_FILE_SIZE item cannot specify a file size greater than the file size that has been set in the upload_max_filesize in the php.ini file. The default is 2 megabytes.
If a memory limit is enabled, a larger memory_limit may be needed. Make sure you set memory_limit large enough.
If max_execution_time is set too small, the script's execution time may exceed that value. Make sure you set max_execution_time large enough.
Note: max_execution_time only affects the execution time of the script itself. Any time spent on activity that happens outside the execution of the script such as system calls using system(), the sleep() function, database queries, time taken by the file upload process, etc. is not included when determining the maximum time that the script has been running.
max_input_time sets the maximum time, in seconds, the script is allowed to receive input; this includes file uploads. For large or multiple files, or users on slower connections, the default of 60 seconds may be exceeded.
If post_max_size is set too small, large files cannot be uploaded. Make sure you set post_max_size large enough.
The max_file_uploads configuration setting controls the maximum number of files that can be uploaded in one request. If more files are uploaded than the limit, then $_FILES will stop processing files once the limit is reached. For example, if max_file_uploads is set to 10, then $_FILES will never contain more than 10 items.
Not validating which file you operate on may mean that users can access sensitive information in other directories.
Due to the large number of directory listing styles, we cannot guarantee that files with exotic names (such as names containing spaces) are handled properly.
A developer may not mix normal input fields and file upload fields in the same form variable (by using an input name like foo[]).
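The following is an added example, not code from the PHP manual: an upload handler that tells apart the post_max_size, upload_max_filesize and MAX_FILE_SIZE limits described above and operates only on the temporary file PHP itself received. The names ini_bytes, store_upload and UPLOAD_DIR, and the directory path, are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumed storage directory outside the web root (hypothetical path).
const UPLOAD_DIR = '/var/lib/app/uploads';

// Convert php.ini shorthand ("8M", "1G", "2048") to bytes.
function ini_bytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value; // the leading digits of the setting
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024; // fall through
        case 'm': $number *= 1024; // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// Returns the stored path on success; throws RuntimeException otherwise.
function store_upload(string $field): string
{
    // When the body exceeds post_max_size, PHP leaves $_POST and $_FILES empty.
    $limit = ini_bytes((string) ini_get('post_max_size'));
    $length = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
    if ($limit > 0 && $length > $limit) {
        throw new RuntimeException('Request body exceeds post_max_size');
    }
    $file = $_FILES[$field] ?? null;
    // An array-valued 'error' means the field was sent as name[] (several files).
    if (!is_array($file) || !is_int($file['error'] ?? null)) {
        throw new RuntimeException('Missing or malformed upload field');
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK: break;
        case UPLOAD_ERR_INI_SIZE: throw new RuntimeException('File exceeds upload_max_filesize');
        case UPLOAD_ERR_FORM_SIZE: throw new RuntimeException('File exceeds MAX_FILE_SIZE');
        default: throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    // Operate only on the temporary file PHP created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Ignore the client-supplied name; store under a server-generated one.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $target;
}
```

Because the stored name is generated on the server, the client-supplied file name never becomes part of a filesystem path.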