The MAX_FILE_SIZE item cannot specify a file size
greater than the file size that has been set in the upload_max_filesize ini-setting.
The default is 2 Megabytes.
If a memory limit is enabled, a larger memory_limit may be needed. Make
sure you set memory_limit
is set too small, script execution may be exceeded by the value. Make
sure you set max_execution_time large enough.
affects the execution time of the script itself. Any time spent
on activity that happens outside the execution of the script
such as system calls using system(), the
sleep() function, database queries, time taken by
the file upload process, etc. is not included when determining the maximum
time that the script has been running.
max_input_time sets the maximum
time, in seconds, the script is allowed to receive input; this includes
file uploads. For large or multiple files, or users on slower connections,
the default of 60 seconds may be exceeded.
If post_max_size is set too
small, large files cannot be uploaded. Make sure you set
post_max_size large enough.
Not validating which file you operate on may mean that users can access
sensitive information in other directories.
Please note that the CERN httpd seems to strip off everything
starting at the first whitespace in the content-type mime header
it gets from the client. As long as this is the case, CERN httpd
will not support the file upload feature.
Due to the large amount of directory listing styles we cannot guarantee
that files with exotic names (like containing spaces) are handled properly.
A developer may not mix normal input fields and file upload fields in the same
form variable (by using an input name like foo).