Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

A search on here comes across  $CGI::POST_MAX. Seems easy enough but I have a few questions. By the way, I have a CGI form that lets users upload files.
  • Is this is bytes or kb? Speaking of images (I allow .doc, .html and some image formats to be uploaded), I'm concerned about bandwidth. What do YOU think a fair size would be to restrict to?
  • What happens if the file they attempt to upload is greater than that of which I limited? Will the script die? I'd like to control this error if I could using something like if (size is to big) { print the size is to big; exit}, for a cleaner death error.
  • $CGI::POST_MAX. Can this be $CGI::$max_num and still work?
  • Last but not least, I have multiple file uploads on a given screen and a single MB restriction would limit the TOTAL size I'm assuming. Is there an easy yet safe way to restrict file sizes on a specific variable/filehandle? Thanks for all your help.

    • Replies are listed 'Best First'.
    Re: Restricting file upload size
    by b10m (Vicar) on Mar 22, 2004 at 13:23 UTC

      Please read CGI

      "Is this is bytes or kb?"

      From CGI: "If set to a non-negative integer, this variable puts a ceiling on the size of POSTings, in bytes."

      "What do YOU think a fair size would be to restrict to?"

      This is impossible to answer in a sane fashion, for you don't specify what is being uploaded. Are they JPEGs of pictures for a contest? Background images? In other words, please explain what you really want to be uploaded.

      "What happens if the file they attempt to upload is greater than that of which I limited? Will the script die? I'd like to control this error if I could using something like if (size is to big) { print the size is to big; exit}, for a cleaner death error."

      Again from CGI: "An attempt to send a POST larger than $POST_MAX bytes will cause param() to return an empty CGI parameter list. You can test for this event by checking cgi_error(), either after you create the CGI object or, if you are using the function-oriented interface, call <param()> for the first time. If the POST was intercepted, then cgi_error() will return the message "413 POST too large"."

      "$CGI::POST_MAX. Can this be $CGI::$max_num and still work?"

      What is $CGI::$max_num ?

      "Is there an easy yet safe way to restrict file sizes on a specific variable/filehandle?"

      Create several upload forms? I'm not sure how to handle this best, but I'm sure some other monks will help you out on this one.

      --
      b10m

      All code is usually tested, but rarely trusted.
    		[reply]
    Re: Restricting file upload size
    by matija (Priest) on Mar 22, 2004 at 13:36 UTC
      • Bytes. Fair size depends on your site. How much are you paying for bandwidth? How large do you want the pictures people upload?
      • The request gets back the error from CGI itself. I don't think you can modify the error message, but I'd have to dig through the guts of CGI.pm to be sure. Certainly the docs don't seem to indicate any way for you to change the message or to detect this error has occured.
      • No idea. Can't even find $CGI::$max_num described anywhere. (Are you sure you need that many $$ in there?)
      • You can only upload one file per request, so your question does not apply.
    		[reply]
        You can only upload one file per request, so your question does not apply.

        Where did you pick up that idea? You can upload as many files per request as you'd like... there is no limit (in number anyhow, size is a different matter).

    		[reply]

    Back to Seekers of Perl Wisdom