If you can, you may want to set post_max_size to a low value (say “1M”) to make testing easier.

First test to see how your script behaves. Try uploading a file that is larger than post_max_size. If you do you will get a message like this in your error log:

[09-Jun-2010 19:28:01] PHP Warning:  POST Content-Length of 30980857 bytes exceeds the limit of 2097152 bytes in Unknown on line 0

If you’re not careful this can lead to unexpected behavior in your application. The end result can range from silent failure all the way to lost customers.

Solving the problem

The PHP documentation provides a hack to solve this problem:

If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing the $_GET variable to the script processing the data, i.e. <form action=”edit.php?processed=1″>, and then checking if $_GET['processed'] is set.
Source: PHP manual

To be clear, it is suggesting that you pass a value in the query string along with your form. If the value is in the $_GET superglobal and both $_FILE and $_POST are empty then the maximum upload size is exceeded. There are two problems with this approach: it adds extra complexity on the front-end and it can potential give a false positive.

Extra complexity on the front-end means extra documentation and more room for mistakes. And if there is a mistake it may not be caught for a long time (does your QA team routinely upload large files?). In this case we already have all the data that we need to determine if the maximum file size was exceeded without adding extra complexity and headache for developers.

We know what type of request is being processed, we have the $_POST and $_FILES arrays, and we have the content length as it was passed to the HTTP server from the client. From that we get this code:

if ( $_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) &&
     empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0 )
{
  $displayMaxSize = ini_get('post_max_size');

  switch ( substr($displayMaxSize,-1) )
  {
    case 'G':
      $displayMaxSize = $displayMaxSize * 1024;
    case 'M':
      $displayMaxSize = $displayMaxSize * 1024;
    case 'K':
       $displayMaxSize = $displayMaxSize * 1024;
  }

  $error = 'Posted data is too large. '.
           $_SERVER[CONTENT_LENGTH].
           ' bytes exceeds the maximum size of '.
           $displayMaxSize.' bytes.";
}

The important thing to notice is the “if” statement on lines one and two. The example code just sets an error string. Production code might display a message to the user, execute some Javascript (for asynchronous uploads), or pass back a XML or Json object for Flash clients.

I’ve tested this code with Apache as both a module and as CGI. As far as I know it should work fine with IIS as well.

The other day I was reading the release notes and I couldn’t help but smile.

1. New native MySQL driver

I’m saving the best for last. So bear with me. Lets get through the small grins before we get to the big toothy ones (or you can read ahead… you’re choice). PHP 5.3 ships with a new MySQL driver called mysqld. A database driver is responsible for making the actually connection from PHP to MySQL. The previous MySQL driver had some flaws. For one, it was license in a way that was not compatible with the PHP license. The new MySQL Native Driver has a more amicable license (which is big in the open source world). It also adds some experimental functionality including improved persistent connections. There is also a down side but that is for another post.

2. Host specific PHP INI configurations

I previously worked on a hosted CMS and web publishing tool that had dozens of virtual hosts but only one php.ini. The new functionality allows to section off your PHP configuration to have a different configuration for every host or file path. I haven’t tried this one yet so I’m not sure how well it works. Try it out for yourself. There is a comment on PHP.net right now saying that it only works for CGI PHP and not for the CLI implementation.

[HOST=example.com]
error_reporting = E_ALL
display_errors = On

Example from the PHP documentation.

3. Shortcut ternary operator

I had never considered this before. However, this saves a lot of time for rather repetitive code. Consider these three identical code snipits.

<?php
if ( $foo ) $x = $foo;
else $x = $bar;

$x = ( $foo ? $foo : $bar );
$x = ( $foo ?: $bar );
?>

The third method is the new shortcut. It reads simply: “if foo than foo else bar.” I am still waiting for the first time for this to be useful. The biggest issue I see is that in the above example $foo cannot legitimately be anything that evaluates to false. As a result it is best used for variables that should be non-empty strings or non-zero numbers.

4. Date math

The DateTime class now has several new methods in it for dealing with date arithmetic. It puts an end to manually converting to timestamps and back to dates again. It works very simply:

<?php
$date = new DateTime('2009-06-30 09:00:00');
$date->sub('P5D'); // Subtract five days
echo $data->diff( new DateTime() )->format('%d').' days ago';
?>

The new DateTime methods and the new DateInterval class (returned from and passed to math functions) aren’t very well documented because they are so new.
It is worth noting that the format methods are different in the two classes. Intervals require a percentage (%) in front of placeholders. Watch out for that.

5. Closures

Closures are one of the best parts of PHP 5.3. At first I wasn’t very excited about them. I use closures constantly in Javascript but in a stateless HTTP request situation they appear less useful. But then I got into it. They are improved methods of dealing with lambda-functions. In other words, they are functions that are nameless and can be assigned to variables. In actuality they are classes.

<?phpi
$y = 10;
$x = function($number) use ( &$y ) {
  return $number * $y;
};
$y = 100;
echo $x(8); // Output: 800
?>

This is the point at which a lot of PHP programmers would pause. Did I say they are classes? Since when can you call a class like it was a function? Since PHP 5.3 you can! . You do it by defining the “_invoke” magic method. Like so:

<?php
class testInvoke {
  public function __invoke( $x ) { echo "Hello $x"; }
};
$x = new TestInvoke();
echo $x('world'); // outputs "Hello World"
?>

This is by far one of the coolest new features in PHP 5.3. It opens a whole new world of possibilities for clean / manageable code.

Bonus Things

5.1. New magic method for matching calls to static methods

For a while now we have been able to define the magic method “__call” in our classes that will be executed if you try to call a method in a class instance that does not exist. Now the “__callStatic” method does the same thing only for methods of static classes.

5.2. Late static binding

Late static binding is a long time coming. In fact, this has tripped me up in several projects. In simplest terms late binding is waiting to determine what object a method or member variable belongs to until it is called. Late static binding in PHP, as its name indicates, applies this concept to static methods and members variables in PHP. The PHP.net website bests describes in on the manual page for late static binding.

5.3. E_DEPRECATED

Here is a tip for everyone: if you are developing open source PHP software you should develop it in E_STRICT mode. This new E_DEPRECATED flag is actually part of E_ALL which sends a strong message that you shouldn’t be using these depreciated functions. I am a huge fan of anything that helps us write better code.

I hope everyone got through this post just fine. It is a long one. Leave comments (the comment section is OpenID enabled).