PHP文件上传-php.ini

Question

I've a site that is uploading images and I just wanted to ask how to set a couple of php.ini settings:

max_file_uploads (The maximum mumber of files that can be uploaded in 1 go).

Does the above setting mean the total number of files that can be uploaded by a users session and the amount at one time. eg: users can upload 8 images total. If I set this to 1 does it mean 1 images at a time or total of 1? Would setting it to 8 make sense or should I set it to a higher number of users can upload and then change their mind.

upload_tmp_dir      /custom/location    Change the location of where files are initally uploaded to

Should this be set outside the document root for php to upload too? What is a typical location? /var/php_images? I'm using open_basedir so should this path be included in here to?

Answer 1

The max_file_uploads directive specifies the maximum number of files that can be uploaded per request. PHP doesn't care about your sessions or anything. So, if you have a form with 3 upload inputs, and you only allow 1 on the server, and your users send more than 1, then they will have exceeded the max.

upload_tmp_dir should always be outside of your doc root. In addition, when you move files out of this temporary directory, keep it outside of the doc root, for security. Don't name files the names users specify. Don't use file extensions. Keep the original names, types, and what not in a database. Use a PHP script to retrieve them on the web side of things, if needed.