DEV Community

Elijah Emmanuel
Elijah Emmanuel

Posted on

HOW CAN I LIMIT THE MAXIMUM FILE UPLOAD LIMIT PER USER IN PHP.

Hello guys,
i have been trying for some days now to make it possible for each user in my website to only upload a maximum of 4 images and when ever he/she wants to upload the fifth image an error massage would be echoed telling the user that The maximum image to be uploaded have reached and cannot exceed 4 image

Below is the sample of the code on form submit

if (isset($_POST['upload'])) { 
// if upload button on the form is clicked

// name of the uploaded file
$filename = $_FILES['photo']['name'];

//location
$destination = '../images/business.cover/' . $filename;

// get the file extension
$extension = pathinfo($filename, PATHINFO_EXTENSION);

// the physical file on a temporary uploads directory on the server
$file = $_FILES['photo']['tmp_name'];
$size = $_FILES['photo']['size'];

// get id
$id=$_GET['id'];

//check is form is empty
if(empty($_POST['photo'])){
    $cover_msg= "<div class='alert alert-danger'>Empty cover phto field</div>";
}

//check file extension and maximum file size
if (!in_array($extension, ['jpg', 'gif', 'jpeg','png'])) {
    $cover_msg= "<div class='alert alert-danger'>You file extension must be .jpg .jpeg .gif .png</div>";
} elseif ($_FILES['photo']['size'] > 50000000) { // file shouldn't be larger than 1Megabyte
    $cover_msg= "<div class='alert alert-danger'>File too large!</div>";

} else {


// move the uploaded (temporary) file to the specified destination
    if (move_uploaded_file($file, $destination);) {

$sql = "INSERT INTO business(image) VALUES('$filename') WHERE id=$id";  

$cover_msg="<div class='alert alert-success'>Information uploaded Successfully</div>";
if (mysqli_query($conn, $sql)) {
} else {
die( "Failed to upload file".$conn->error);
}

}

}
}
Enter fullscreen mode Exit fullscreen mode

PLEASE HELP, ANYONE

Latest comments (5)

Collapse
 
blackscorp profile image
Vitalij Mik
$destinationDir = '../images/business.cover' ;
$imagesInDestination = count(glob($destinationDir.'/*'));
$limitReached=$imagesInDestination > 4;
if($limitReached){ //show error }
Enter fullscreen mode Exit fullscreen mode
Collapse
 
vinhpedro profile image
Elijah Emmanuel

Thanks I really appreciate
But is it possible to use SQL to count the number of times the user have uploaded previously, then check it from the location and pass the error?

Collapse
 
blackscorp profile image
Vitalij Mik

yes it is but, you allow currently SQL injections in your code. i can create a file with SQL Code in the name and can inject it into your database.

And also the ID.

First your SQL Command should look like this

$sql = "INSERT INTO business(image,id) VALUES(?,?) ON DUPLICATE KEY UPDATE image = VALUES(image)";  
//Here we send the SQL to the database and say that in ? those are variables
$statement = mysqli_prepare($conn,$sql); 
//Here we send the variables in extra function so the database can "secure" them. we also say what kind of variables this is, s = string, i= integer, so filename should be a text and id should be a number
mysqli_stmt_bind_param($conn,"si",$filename,$id);
mysqli_stmt_execute($statement); //now we can execute the SQL in the database with secure variables
Enter fullscreen mode Exit fullscreen mode

this way you will produce multiple entries in your Database. now you can call following SQL before your script starts

$sql ="SELECT COUNT(filename) as countFiles FROM business WHERE id = ?
LIMIT 1
";
$statement = mysqli_prepare($conn,$sql);
mysqli_stmt_bind_param($conn,'i',$id);
mysqli_stmt_execute($statement);
$result = mysqli_stmt_get_result($statement);
$dataFromDatabase = mysqli_fetch_assoc($result);
$limitReached = $dataFromDatabase['countFiles'] > 4;
if($limitReached) {
//TODO
}
Enter fullscreen mode Exit fullscreen mode
Thread Thread
 
vinhpedro profile image
Elijah Emmanuel

II really thank you vary much, u are the best

Collapse
 
eichgi profile image
Hiram

You could set this in php_ini file. Here You have more info stackoverflow.com/questions/403009....