I know that the above code can easily be bypassed and that I require server side checking, but my question is how does the input type=“hidden” that sets the max file size get linked with the input type=“file” via plain html only. How would this work if you had multiple file upload forms? I thought they might be linked like radio buttons, so that each much share the same name, but I am not sure.
Then loop through all the file names to be uploaded in $_FILES[‘txtUploadFileName’][‘tmp_name’] and process them individually using the same process you would use if uploading just a single file per form.
So with multiple uploads, the first file name will be in $_FILES[‘txtUploadFileName’][‘tmp_name’][0]
. Say I have two <input type=“file” />'s. Which file inputs’s size is limited by this code? Perhaps <input type=“hidden” name=“MAX_FILE_SIZE” value=“500” /> just sets the max_file_size for every element on the form?
I understand you have to actually verify the file size from the backend, but I am under the impression that <input type=“hidden” name=“MAX_FILE_SIZE” value=“500” /> gives some form of protection in the HTML, even if it is easy to bypass.