<input type="hidden" name="MAX_FILE_SIZE" value="500" />
< input type="file" />
I know that the above code can easily be bypassed and that I require server side checking, but my question is how does the input type=“hidden” that sets the max file size get linked with the input type=“file” via plain html only. How would this work if you had multiple file upload forms? I thought they might be linked like radio buttons, so that each much share the same name, but I am not sure.
say you have
<input type='file' name='txtUploadFileName' />
Then the value in the hidden input with name ‘MAX_FILE_SIZE’ is submitted with the when the submit button is clicked.
The server then automatically checks if the size of the file exceeds the value of MAX_FILE_SIZE.
If it does then your $_FILES[‘txtUploadFileName’][‘error’] will equal 2.
If you have multiple file uploads in the one form then all the form’s input names have to be named as arrays by appending to each name.
<input type='file' name='txtUploadFileName[]' />
Then loop through all the file names to be uploaded in $_FILES[‘txtUploadFileName’][‘tmp_name’] and process them individually using the same process you would use if uploading just a single file per form.
So with multiple uploads, the first file name will be in $_FILES[‘txtUploadFileName’][‘tmp_name’][0]
I don’t believe I understand your reply. 
I am wondering how
<input type="hidden" name="MAX_FILE_SIZE" value="500" />
becomes associated with a given
<input type="file" />
. Say I have two <input type=“file” />'s. Which file inputs’s size is limited by this code? Perhaps <input type=“hidden” name=“MAX_FILE_SIZE” value=“500” /> just sets the max_file_size for every element on the form?
I understand you have to actually verify the file size from the backend, but I am under the impression that <input type=“hidden” name=“MAX_FILE_SIZE” value=“500” /> gives some form of protection in the HTML, even if it is easy to bypass.
yes - there is no association with individual fields - the association is with the entire form.