Checking an uploaded file's size

$_FILES['upload'] = 'file';

if ($_FILES['upload']['size'] > 2000000);
	echo "File size is too large. Only files under 2000000 are accepted.";

In the code above I try to check an uploaded file’s size, but the if statement always returns true, and therefore executes, no matter what the file size actually is. (It will return true with the code above.) What am I doing wrong here? How should I check a file’s size, if this method is not workable?

I gave you the answer in your other thread.

Check the value of $_FILES[‘txtUploadFileName’][‘error’] where txtUploadFileName is the name of your <input type=‘file’… in your form.

If it = 2 then the size of the uploaded file is larger than the MAX_FILE_SIZE you specified.

I normally use a SWITCH block to spit out any upload errors and to terminate the upload.
$FILES errors explained

Hi, Thanks for answering. My code above does not work. I know there is no file in the sample, but I believe it should work, since I am just specifying a string as the file. I already have an error handling mechanism that tells me if $_FILES[‘file’][‘error’] > 0. It doesn’t report anything here though, which was why I am stumped. In my actual program, I use a test file, but it is just 1kb txt file.

To be honest, I wouldn’t worry too much about MAX_FILE_SIZE because it can easily be bypassed in your form.

When the file is uploaded into your server’s tmp area, it’s size is also checked agaianst the max file size in your php.ini which can’t be bypassed.

So if $_FILES[‘txtUploadFileName’][‘error’] = 1 then the uploaded file is larger than the max. size you have in your php.ini and then it doesn’t matter what the value of MAX_FILE_SIZE is.

I thought that $_FILES[‘upload’][‘size’] was an accurate way to tell the file’s size via PHP - are you saying it uses the form’s MAX_FILE_SIZE specification instead of what is specified in the code (here > 2000000)?

In part I want to do this simply for security checks, to see if a file has been tampered with somehow. Even if this code doesn’t work, I would still be interested in knowing why it fails (by that I mean always executes, even if the file is < 2000000). It looks to be syntactically correct and I don’t receive an error. If you try the code snippet yourself, you will see that it fails to detect that the file is < 2000000.

I’m not sure where ‘upload’ and ‘file’ are coming from in

$_FILES['upload'] = 'file';

Try using this, which works for me, as a guide for your code.

<form enctype="multipart/form-data" action="[COLOR=#006400][B]upload.php[/B][/COLOR]" method="post">
      <input type="hidden" name="MAX_FILE_SIZE" value="10000" />
      <input type="file" name="[COLOR=#ff0000]txtUploadFile[/COLOR]" id="txtUploadFile" />

and in upload.php

echo $_FILES['[COLOR=#ff0000][B]txtUploadFile[/B][/COLOR]']['size']; die();  //for testing purposes

//check if any errors occurred during the upload.
if ($_FILES['txtUploadFile']['error'] > 0) {
    echo '<p>Problem: <br /></p>';
    switch ($_FILES['txtUploadFile']['error']) {
        case 1: echo '<p>File exceeded upload_max_filesize.<br />';
        case 2: echo '<p>File exceeded max_file_size.<br />';
        case 3: echo '<p>File only partially uploaded.<br />';
        case 4: echo '<p>No file uploaded.<br />';


$_FILES['upload'] = 'file';

Upload is just the name of the form field that submitted the file. I just made this as a sample though.

We are doing nearly the exact same thing in our code. I also handle file errors like that. I think this question might be simplified though. Is

if ($_FILES['upload']['size'] > 2000000);
	echo "File size is too large. Only files under 2000000 are accepted.";

I realize that the built in errors cover this ($_FILES[‘upload’][‘error’] will report an error code if the file is too large), but for information sake, I am wondering why the if statement evaluates true even when a file is less than 2000000. Is this just not a way to check a file’s size? I do not get any errors via $_FILES[‘upload’][‘error’] that indicate it is too large, even though this if statement evaluates true.

Without seeing all your code I’m not sure why your code is not working.

Are you sure you have enctype=“multipart/form-data” in your <form> and are you sure file uploads is enabled on your server?

All I can do is post the actual code I am using and it works fine on my local xampp server.


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
<html xmlns="">

        <form enctype="multipart/form-data" action="upload.php" method="post">

            <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />

                <input type="file" name="txtUploadFile" id="txtUploadFile" />
                <input type="submit" value="Upload File" />




$myMaxFileSize = 10000;

if($_FILES['txtUploadFile']['size'] > $myMaxFileSize) {
    echo 'File size is too big';
} else {
    echo 'File size is ok';


I’ve set $myMaxFileSize = 10000

When I upload a 12kb file I get ‘File size is too big’. If I set $myMaxFileSize = 20000 and upload the same 12kb file I get ‘File size is ok’

That’s really interesting that it works for you there. My code is all over the place and embedded so it is hard to extract, but it is essentially the same as yours above (including enctype=“multipart/form-data”) so that’s why I provided a snippet. my file upload succeeds (and I can verify it on my server), so that’s why I also didn’t think more code would be needed. I even created a small test script, minus extras I have built in, and still had the aforementioned problems with the if statement evaluating true. I’m going to run your script later alongside my test script to see if there are any differences.

Thanks for all of your help!

ok, then the only thing I can suggest is that either there is something strange going on elsewhere in your code or there is some server configuration setting causing your problem. Unfortunately I can’t help much with either of those unless you post more code.

No problem - I’m grateful for all of your help so far. I am going to try and diagnose this issue later this week. I will post more code here if I can’t scrounge up an answer for myself based on what’s been posted here. :slight_smile: