Allowing uploads?

I have a formmmmm which allows uploads. I want to cover all my bases and be protected as possible. I want to limit the # of uploads in the form to 10, and make it so that no upload can be more than 500Kb to do this I gether I need to edit the php.ini file and editing 2 variables (upload_max_filesize, and max_file_uploads)

max_file_uploads is currently set to 20

drop it down to 10
upload_max_filesize is currently set to 1024M

also drop that down to 50K

Would doing these 2 things protect me?

I have not thought about limiting uploads on my site and have not had a problem but may have been lucky.

What about setting a timed or IP session variable to prevent an automated computer from uploading batches of 10 one after the other?

How do I do that?

You will have to look it up; there are loads of tutorials on the web.

Basically when the form is submitted a session variable is set with say the time or IP address and then upload page would check the session variable. If the time is less than say a minute since the last submit it would not allow the upload.

1 Like

I have seen a lot of upload scripts check the size of the file when it arrives as part of the file upload code, and refuse to move it from the temporary area if it is too large. Is that not a suitable method for you?

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.