1

The following two questions clarify that the value of input file cannot be changed due to security reasons.

In PHP, when validating a form, one of the usual approaches is to re-fill the entered value in input text that was provided before clicking the submit button, so that the client knows what he inserted, or simply to keep the values in the fields, which is what the client is expecting. (He won't have to re-fill the form every time when there's a specific error).

So we use the following:

<input type="text" name="title" id="title" maxlength="100" value="<?php echo htmlspecialchars($title);?>" />

So since I cannot change the value of the input file, so I can re-fill it with the provided path $image['tmp_name'], this means the client will have to re-upload (or re-browse) the image each time a validation goes wrong, isn't there any possible way to keep that value?

Community
  • 1
  • 1
Ali Bassam
  • 9,691
  • 23
  • 67
  • 117
  • Well, first, validate before submit (but is unreliable, so don't trust it), then "embargo" the download you *did* receive and keep a reference to the file, telling the user you'll maintain the file on resubmission. Then, every so often, delete files that never got moved to the appropriate location. – Jared Farrish Mar 13 '13 at 00:48
  • you could use javascript validation preventing the form to be post until it is valid. – Jeffrey Nicholson Carré Mar 13 '13 at 00:48
  • Or... base64 encode the file source, send it back in a `hidden` field in the form, and unencode it when it returns? Obviously, not a great idea for very large files, so some sanity checks are required. – Jared Farrish Mar 13 '13 at 00:50

3 Answers3

0

You could store the file regardless of other validation errors in the form (obviously only if the file itself is valid), and then replace the file upload field with the file details (e.g. list the filename and size).

Actually rather than replacing the field, I'd recommend giving them the option to upload a different file in its place if they wish.

Mark Parnell
  • 9,175
  • 9
  • 31
  • 36
  • I do not want to store the file if the other inputs aren't valid (I do not want to insert the profile picture of a new user if he didn't register - if the other inputs aren't valid). – Ali Bassam Mar 13 '13 at 00:48
  • You could store the file in a temporary location until registration is complete, at which time you move it to the usual location, and set up a task to regularly delete files from that temp directory. But to do exactly what you're asking - just put the path back in the field - is not possible. – Mark Parnell Mar 13 '13 at 00:55
0

Store the uploaded file on the server.

Generate a checkbox with a value that references an id associated with that file. Make it checked by default.

Tell the user to uncheck it if they don't want to reuse the same file.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Storing the file isn't really an urgent thing, I don't want to store it if other inputs aren't validated, it's just a matter of keeping the path in the input file. But looks like `input file` is just like captcha, it will regenerate (become empty) after postbacks. – Ali Bassam Mar 13 '13 at 00:54
  • You can't keep the path in the file input, that is why you store the file on the server instead. That way, not only is the value preserved (in a round-about way) but the file doesn't need to be repeatedly uploaded. – Quentin Mar 13 '13 at 07:31
0

Using javascript you can prevent the form from being submitted until all fields are validated.

I recommend jQuery Validation Engine tutorial included. demos

Also you can add some style to the image uploader using jQuery file upload.

Of course some field must be verified on the server that's why you can post an ajax request with the validation engine.

"ajaxUserCall": {
    "url": "ajaxValidateFieldUser",
    "extraData": "name=eric",
    "alertText": "* This user is already taken",
    "alertTextOk": " * User is valid",
    "alertTextLoad": "* Validating, please wait"
},

Some example with server side validation witout redirection or refreshing : Demo

Jeffrey Nicholson Carré
  • 2,950
  • 1
  • 26
  • 44
  • The problem isn't with validation, the problem is that when I'm validating on the server (Check Database if Email is already in use - Check if Username is available), and return an error message (This Username is not available), the path in the `input file` is gone, I cannot keep its value. – Ali Bassam Mar 13 '13 at 01:06
  • Yes, when the page refreshes. – Ali Bassam Mar 13 '13 at 01:11
  • using javascript you prevent the page from being submitted so no page refresh: the validation is made on the client side ( you can validate username and email on the server separatly using ajax posts). If you don't want to use javascript the only way i did this was doing a 2 step registration : 1) username + password + email ; 2)all the other informations – Jeffrey Nicholson Carré Mar 13 '13 at 01:15
  • i updated the post , but here is an example showing what i am talking about : http://www.position-relative.net/creation/formValidator/demos/demoAjaxInlinePHP.html – Jeffrey Nicholson Carré Mar 13 '13 at 01:22