HTML Upload MAX_FILE_SIZE does not appear to work

In PHP, you can use the $_FILES array to check the size of an uploaded file. The $_FILES['file']['size'] value will give you the size of the uploaded file in bytes. You can then compare this value to a maximum file size that you have specified.

You can also use the php ini configuration upload_max_filesize and post_max_size to limit the maximum file size that can be uploaded.

You can check these two values by using ini_get('upload_max_filesize') and ini_get('post_max_size') respectively.

It is also a good practice to check the file size using the is_uploaded_file() function, which returns true if the file was uploaded via HTTP POST, before moving the file to a permanent location.

Watch a course Learn object oriented PHP

You can also use the move_uploaded_file function to move the uploaded file, this function will check if the file is valid and was uploaded via HTTP POST before moving it.

Here is an example of how you can check the file size and move the uploaded file:


if ($_FILES['file']['size'] > $max_file_size) {
    die("Error: File size is larger than the allowed limit.");

if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
    die("Error: File was not uploaded via HTTP POST.");

move_uploaded_file($_FILES['file']['tmp_name'], $upload_dir . $_FILES['file']['name']);

You can also use the file_upload_max_size() function to determine the maximum file size for uploads.

$max_upload = file_upload_max_size();

It is worth noting that it is important to validate the files on the server side as well as on the client side because client side validation can be easily bypassed.