HOW CAN I LIMIT THE MAXIMUM FILE UPLOAD LIMIT PER USER IN PHP.

#php #sql

Hello guys,
i have been trying for some days now to make it possible for each user in my website to only upload a maximum of 4 images and when ever he/she wants to upload the fifth image an error massage would be echoed telling the user that The maximum image to be uploaded have reached and cannot exceed 4 image

Below is the sample of the code on form submit

if (isset($_POST['upload'])) { 
// if upload button on the form is clicked

// name of the uploaded file
$filename = $_FILES['photo']['name'];

//location
$destination = '../images/business.cover/' . $filename;

// get the file extension
$extension = pathinfo($filename, PATHINFO_EXTENSION);

// the physical file on a temporary uploads directory on the server
$file = $_FILES['photo']['tmp_name'];
$size = $_FILES['photo']['size'];

// get id
$id=$_GET['id'];

//check is form is empty
if(empty($_POST['photo'])){
    $cover_msg= "<div class='alert alert-danger'>Empty cover phto field</div>";
}

//check file extension and maximum file size
if (!in_array($extension, ['jpg', 'gif', 'jpeg','png'])) {
    $cover_msg= "<div class='alert alert-danger'>You file extension must be .jpg .jpeg .gif .png</div>";
} elseif ($_FILES['photo']['size'] > 50000000) { // file shouldn't be larger than 1Megabyte
    $cover_msg= "<div class='alert alert-danger'>File too large!</div>";

} else {


// move the uploaded (temporary) file to the specified destination
    if (move_uploaded_file($file, $destination);) {

$sql = "INSERT INTO business(image) VALUES('$filename') WHERE id=$id";  

$cover_msg="<div class='alert alert-success'>Information uploaded Successfully</div>";
if (mysqli_query($conn, $sql)) {
} else {
die( "Failed to upload file".$conn->error);
}

}

}
}

PLEASE HELP, ANYONE

Top comments (5)

Vitalij Mik • Nov 2 '21

$destinationDir = '../images/business.cover' ;
$imagesInDestination = count(glob($destinationDir.'/*'));
$limitReached=$imagesInDestination > 4;
if($limitReached){ //show error }

Elijah Emmanuel • Nov 3 '21

Thanks I really appreciate
But is it possible to use SQL to count the number of times the user have uploaded previously, then check it from the location and pass the error?

Vitalij Mik • Nov 3 '21

yes it is but, you allow currently SQL injections in your code. i can create a file with SQL Code in the name and can inject it into your database.

And also the ID.

First your SQL Command should look like this

$sql = "INSERT INTO business(image,id) VALUES(?,?) ON DUPLICATE KEY UPDATE image = VALUES(image)";  
//Here we send the SQL to the database and say that in ? those are variables
$statement = mysqli_prepare($conn,$sql); 
//Here we send the variables in extra function so the database can "secure" them. we also say what kind of variables this is, s = string, i= integer, so filename should be a text and id should be a number
mysqli_stmt_bind_param($conn,"si",$filename,$id);
mysqli_stmt_execute($statement); //now we can execute the SQL in the database with secure variables

this way you will produce multiple entries in your Database. now you can call following SQL before your script starts

$sql ="SELECT COUNT(filename) as countFiles FROM business WHERE id = ?
LIMIT 1
";
$statement = mysqli_prepare($conn,$sql);
mysqli_stmt_bind_param($conn,'i',$id);
mysqli_stmt_execute($statement);
$result = mysqli_stmt_get_result($statement);
$dataFromDatabase = mysqli_fetch_assoc($result);
$limitReached = $dataFromDatabase['countFiles'] > 4;
if($limitReached) {
//TODO
}