Solved

PHP Form validation and Upload

Posted on 2012-08-26
Medium Priority
223 Views
Last Modified: 2013-04-20
I asked this question here on E-E.

While I understand what they are saying, I don't know how to implement it.

Can someone give an example with a form with say one required input text field and the input file field?  (So if the input text field failed validation and the page posts back, they don't have to re-choose the file.)

Thanks!
0
Question by:christamcc
8 Comments
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 38335303
In that case, you can validate the input text field the AJAX way.

http://bassistance.de/jquery-plugins/jquery-plugin-validation/

Demo,
http://jquery.bassistance.de/validate/demo/

But still, you can't reload the file chosen in the file input field. It is a security issue.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 38336250
"... they don't have to re-choose the file"
This is highly problematic in your design.  Think about the security implications.  If you could prepopulate the values in $_FILES (<input type="file"...>) the server would be able to access any file on the client machine without permission.  Should you ever find a way to do that, the security experts will shut it down immediately.

As I wrote here, you should not design an application this way.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_27837349.html

Instead, you might try things more like this.  A first form captures the text and the file, and the action script uploads the file and stores it in a predictable location, saving the URL of the stored file in the PHP session.  Then the action script validates the text.  If the text does not pass validation, the action script presents a form to the client asking her to replace the text with something that passes validation.

I'll try to write a demonstration script for you if I get time later today.

Best regards, ~Ray
0
 

Author Comment

by:christamcc
ID: 38338093
I have jQuery validation implemented on the form so it is unlikely that I will be in this predicament, but using client side as a backup.

When I said "they don't have to re-choose the file" what I was thinking was that IF there is a blank secondary field then the file gets saved and when the form posts back the step "Choose" would instead say File Chosen and show the name of the file (thereby not having to re-choose it).  And then on that form's postback I would move_uploaded_file.  That was my understanding of what the solution was on my original E-E question.

What do people usually do in this situation? It seems like most people wouldn't want their users to have to re-choose the file upon form validation error. Do they just rely on client side form validation?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 38339389
Otherwise, once the file is chosen you can upload it, then do the validation.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1500 total points
ID: 38340625
You can use client side form validation to make the web experience nice for your client, but you must perform server-side validation of all external input as a matter of security.  Your clients will not try to damage your web site, but hackers will simply bypass the JavaScript and post toxic data into your action script.  The action script must accept only known good values from authorized sources.

I think your idea about "File Chosen" is a good one, and I would only add that the client should be given an opportunity to either keep the file that was chosen, or choose another file.  After all, if the secondary data is in question, the file might be in question, too.

You must move_uploaded_file() at the time your script initially receives the file.  It won't be available to you if it is not part of the request, so store it somewhere safe while you're engaged in the form validation and continued dialog with the client.
0
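The flow described in the answers above, as an added example that is not code from any participant in this thread: the file is moved on the request that carries it, only a server-side reference is kept in the session, and the re-presented form shows "File chosen" instead of trying to refill the file input. The field names `title` and `doc`, both directories and the size limit are assumptions, and the session holds a random token for the stored file rather than a URL.

```php
<?php
// Added example, not from the thread. Paths and field names are assumptions.
session_start();
const STAGING_DIR = __DIR__ . '/../upload_staging'; // assumed: outside the web root
const FINAL_DIR   = __DIR__ . '/../upload_final';   // assumed: outside the web root
const MAX_BYTES   = 5 * 1024 * 1024;                // assumed size limit
$errors = []; $title = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 1. A file arrived: move it now; PHP deletes the temp upload when the request ends.
    $f = $_FILES['doc'] ?? null;
    if ($f !== null && $f['error'] === UPLOAD_ERR_OK) {
        $token = bin2hex(random_bytes(16)); // server-chosen name, never the client's
        if ($f['size'] > MAX_BYTES) {
            $errors[] = 'File is too large.';
        } elseif (move_uploaded_file($f['tmp_name'], STAGING_DIR . "/$token")) {
            if (isset($_SESSION['staged'])) {           // replace an earlier choice
                @unlink(STAGING_DIR . '/' . $_SESSION['staged']['token']);
            }
            $_SESSION['staged'] = ['token' => $token, 'label' => basename($f['name'])];
        } else {
            $errors[] = 'Could not store the file.';
        }
    } elseif ($f !== null && $f['error'] !== UPLOAD_ERR_NO_FILE) {
        $errors[] = 'Upload failed.';
    }
    // 2. Validate the text on the server, whatever the JavaScript did.
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    if ($title === '' || strlen($title) > 100) {
        $errors[] = 'Title is required (100 characters at most).';
    }
    if (!isset($_SESSION['staged'])) {
        $errors[] = 'Please choose a file.';
    }
    // 3. Everything passed: promote the staged file and end the dialog.
    if (!$errors) {
        rename(STAGING_DIR . '/' . $_SESSION['staged']['token'],
               FINAL_DIR . '/' . $_SESSION['staged']['token']);
        unset($_SESSION['staged']);
        exit('Saved.');
    }
}
$staged = $_SESSION['staged'] ?? null; // only the server remembers the file
?>
<form method="post" enctype="multipart/form-data">
  <?php foreach ($errors as $e) echo '<p>' . htmlspecialchars($e) . '</p>'; ?>
  Title: <input name="title" value="<?= htmlspecialchars($title) ?>"><br>
  <?php if ($staged): ?>File chosen: <?= htmlspecialchars($staged['label']) ?> (choose another to replace it)<br><?php endif; ?>
  <input type="file" name="doc"> <button>Send</button>
</form>
```

The client's file name is used only as an escaped display label; the stored file is named by the random token, so nothing the client sends decides a path on the server.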
 

Author Comment

by:christamcc
ID: 38384329
Does move_uploaded_file() take time to upload?  For example some files may be over 100 megs... which could take a while...  would this be happening while they attempted to correct the errors on the form... and if they wanted to select a different file instead would the first file just continue to "move" while the new correct form was being submitted?

Separately: While I do appreciate the info I received, this post immediately got off track from my initial request of "Can someone give an example with a form with say one required input text field and the input file field?"

Because of where this post has gone,  I'll close the question out when the new question in this comment is answered (about the move) and will create a new question asking for the sample.
0
 

Author Closing Comment

by:christamcc
ID: 39096540
The info was really good, but was sort of an expanded repeat of the answer that I referenced in this question.  My actual question was never answered...
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39096919
Well, this one has been hanging out there for a long time, hasn't it!  The question assumes the existence of a mechanism that does not exist and cannot exist in the context of HTTP security rules.  To anyone in the future who may be viewing this question, please understand that you cannot prepopulate the contents of the input type="file" under any circumstances.
0
