After validating data entry forms, which return to the user with information from the errors that should be corrected, the best practice is to fill the fields with the last (old) values, but is not possible to apply this techinique to upload field files, both in Laravel PHP and in any other language.

This is a browse safety measure to avoid malicious programs to try to fool the user by forcing them to upload files with sensitive data.

File upload safety

Your website (and any site) does not know, and should not know, the local path to the file that the user is uploading.

Imagine the safety risks if they did! You could fool a user to upload its private SSH key or something like that.

The context of PHP upload and Laravel before validation

If a file has been selected and the form has been sent, you have already received the upload file on your PHP script at server side.

This way you can use this context to create alternatives in your system to simplify user data entry when it needs to correct a field without necessarily having to upload the file already sent.

What you need to do is to handle the uploaded file independently, even if there are validation errors in other fields of the form.

Keep a reference in disk and in a hidden field

You can keep a reference to the file sent by saving it in a temporary directory on the disk, and put it in a hidden field of the form, so show a message to indicate to the user that you still have the uploaded file so that it does not need to be replaced/“re"uploaded.

When your form is sent again without a new file uploaded, you can check the hidden field value and use it to get your local copy of the temporary file that was sent in the previous attempt the user.

Clean temporary files automatically after then reach a certain age, and provide means for the user to change its mind about the file you want to send, for example, a selection box (marked by default) to each file stored on the server for upload.

Keep a reference in database

Another alternative is to store in a database a reference to the file with a pending status or an exclusive hash attribute. With a corresponding hash stored in the user session.

The goal is to be able to identify incomplete uploads that belong to this specific user.

So when displaying the form, recover the incomplete files from the session or database and display the thumbnail next to the upload of the file. This informs the user that it do not need to upload the file again. Just make sure it also have a way to remove the previous file if it change its minds.

Once the form is sent correctly, clean the session hash or update the database status to complete; this is everything you need to do.

AJAX Form Validation

The other way to do this is to send the form via ajax (using the IFRAME method for file upload) or make an Ajax call to validate the form first and then send the file normally if the form input fields are valid.


To offer a better user experience on your system / site it is important to think about these details and invest time building robust routines for interface interaction with the Backend of Applications.

If you want to see code regarding these suggestions, look for me on Twitter @nunomazer to ask.