Skip to content
Start » Web development » How to repopulate with old the input file upload field, in PHP and Laravel

How to repopulate with old the input file upload field, in PHP and Laravel

After validating data entry forms, which return to the user with information about errors that must be corrected, the good practice of populating fields with the old values (old) cannot be applied to upload fields – field files , both in PHP Laravel and in any other language.

This is a browser security measure to prevent malicious programs from trying to trick the user into forcing him to upload files with sensitive data.

File upload security

Your website (and any website) does not and should not know the local path to the file the user is uploading.

Imagine the security risks if they did! You could trick a user into uploading their private key SSH or something like this.

The upload context in PHP and Laravel before validation

If a file was selected and the form was submitted, you have already uploaded the file in your PHP script.

In this way, you can use this context to create alternatives in your system in order to simplify the user's data entry when he needs to correct a field, without necessarily having to re-upload a file that has already been sent.

What you need to do is process the uploaded file independently, even if there are validation errors in the form.

Keep reference on disk and hidden field

You can keep a reference to the uploaded file, write it to a temporary directory on disk, and place it in a hidden field of the form, then show a message to indicate to the user that you still have the file uploaded so it doesn't need to be replaced / reloaded.

When your form is resubmitted without a file, you can check the value of the hidden field and use it to get your local copy of the temp file that was last submitted by the user.

Clean up temporary files automatically after they reach a certain age, and provide a way for the user to change their mind about the file they want to upload, eg a checkbox (checked by default) for each file stored on the server for upload.

Keep reference in database

Another alternative is to store in your database with a pending status or a unique hash assigned to the file. With a corresponding hash stored in the user's session.

The goal is to be able to identify incomplete uploads that belong to that specific user.

Then, when displaying the form, retrieve the incomplete files from the session or database and display the thumbnail next to the file upload. This tells the user that they don't need to upload the file again. Just make sure they also have a way to remove it in case they change their minds.

Once the form is submitted correctly, clear the session hash or update the database status to complete; everything you need to do.

Ajax form validation

The other way to do this is to submit the form via ajax (using the iframe method to upload the file) or make an ajax call to validate the form first and then normally submit the file if the form inputs are valid.

Final considerations

In order to offer a better user experience on your system/site, it is important to think about these details and invest time in building robust routines for the interface's interaction with the applications' backend.

If you want to see code referring to these suggestions, look for me on Twitter @nunomazer and requests.

Leave a Reply

Your email address will not be published.

%d bloggers like this: