上传照片和照片尺寸

Question

I want to protect the website from a customer can not upload pictures larger than 2MB, and if do it, receive an error designed by me. The code I created is this, but do not work, if the size is greater than 2mb, skip the restriction that sends him to "error.php" I try to upload the file, and displays a list of alerts

<?php session_start(); 
include("includes/conexiones.php");
$sql="SELECT * FROM trabajos ORDER BY id DESC LIMIT 1" ;
$resultado=mysql_query($sql);
$fila=mysql_fetch_array($resultado);
$lastid=$fila["id"];
$prefijo=$lastid+1;
if ($_POST["cserv"]!=""){
$servicio=$_POST["cserv"];}
if ($_POST["cdirv"]!=""){
$direccion=$_POST["cdirv"];}
if ($_POST["cobserv"]!=""){
$observaciones=$_POST["cobserv"];}
if ($_FILES["cfoto"]!=""){
$foto=$_FILES["cfoto"]["name"];
$nombrefoto=$prefijo.$foto;
$Upload=$_FILES["cfoto"]["name"];
$Type=$_FILES["cfoto"]["type"];
$Size=$_FILES["cfoto"]["size"];
}
if($Size > 2097152){
header("location:error.php");
}
if($Size < 2097152){
$fototmp=$_FILES["cfoto"]["tmp_name"];
list($ancho, $alto)=getimagesize($fototmp);
$nuevoancho=600;
$nuevoalto=600*$alto/$ancho;
$nuevaimg=imagecreatetruecolor($nuevoancho, $nuevoalto);
$idnuevaimg=imagecreatefromjpeg($fototmp);
imagecopyresized($nuevaimg,$idnuevaimg,0,0,0,0,$nuevoancho,$nuevoalto,$ancho,$alto);
imagejpeg ($nuevaimg,"imagenes/grandes/".$nombrefoto);
$fototmp=$_FILES["cfoto"]["tmp_name"]; 
list($ancho, $alto)=getimagesize($fototmp);
$nuevoancho=144;
$nuevoalto=144*$alto/$ancho;
$nuevaimg=imagecreatetruecolor($nuevoancho, $nuevoalto);
$idnuevaimg=imagecreatefromjpeg($fototmp);
imagecopyresized($nuevaimg,$idnuevaimg,0,0,0,0,$nuevoancho,$nuevoalto,$ancho,$alto);
imagejpeg ($nuevaimg,"imagenes/peques/".$nombrefoto);
$sql="INSERT INTO trabajos (servicio, direccion, observaciones, foto) VALUES ('$servicio',         '$direccion', '$observaciones', '$nombrefoto')";
mysql_query($sql);
$idtrabajo=mysql_insert_id();
header("location:insertartrabajo2.php?vid=$idtrabajo"); 
}
?>

if anyone has a better solution, I'm open to advice.

thanks

Answer 1

open your php.ini file, and update the parameter upload_max_filesize to 2M

Like this:

upload_max_filesize = 2M

save, exit the file and restart apache.

If you don't have access to php.ini, then add the following line to your .htaccess file

php_value upload_max_filesize 2M

I wouldn't rely on $_FILES variable because almost every value in that variable can be overridden by malicious users.

When the user's upload exceeds upload_max_filesize then you just have to check in $_FILES['cfoto']['error'] .

Check that this value is UPLOAD_ERR_INI_SIZE to detect if the file is bigger than the max size defined in your php.ini/.htaccess:

if($_FILES['cfoto']['error'] == UPLOAD_ERR_INI_SIZE) {
  // redirect to your error screen
} else {
  // proceed as normal
}

Answer 2

For detecting file size use this code

$fileSize = $_FILES["avatar"]["size"];

and use this code for size u want...

if($fileSize > 1048576) {
    header("location: ../message.php?msg=ERROR: Your image file was larger than 1mb");
    exit(); 
}

and the message.php is

<?php
$message = "";
$msg = preg_replace('#[^a-z 0-9.:_()]#i', '', $_GET['msg']);
if($msg == "activation_failure"){
        $message = '<h2>Activation Error</h2> Sorry there seems to have been an issue     activating your account at this time. We have already notified ourselves of this issue and  we will contact you via email when we have identified the issue.';
} else if($msg == "activation_success"){
    $message = '<h2>Activation Success</h2> Your account is now activated. <a     href="login.php">Click here to log in</a>';
} else {
    $message = $msg;
}
?>
<div><?php echo $message; ?></div>