Trongate Docs
switch to dark modeswitch to dark mode
Form Validation For File Uploads

Form Validation For File Uploads

As described in the previous page, file uploaders are basically HTML forms that submit post requests to a URL.  Now, we're going to focus on building a method for receiving those post requests and carrying out some validation tests on submitted files.

We can start off by creating an ordinary method and invoking some security to make sure only authorized users can access our endpoint.  For example,:

function submit_upload() {

    $submit = post('submit');

    if ($submit == 'Upload') {
        //let's do some validation...

Did You Know?
By using form_close() to produce a form closing tag and by naming our submit button with a name of 'Submit', Trongate will automatically add CSRF protection to your forms!

Using The Validation Helper To Validate Files

Trongate has a built-in file validation helper class to assist with form validation in situations where a file has been submitted.

Click here to learn about Trongate's file validation helper.

It's for you, the developer, to decide what validation tests you'd like to run.  However, for the purposes of illustration let's:

  • make sure the submitted file is either a .txt file or a .csv file
  • make sure the submitted file has a file size that's no more than 100kb


Below is some example code showing you file validation being enforced, as described above:

$this->validation_helper->set_rules('my_file', 'file',  'required|allowed_types[txt,csv]|max_size[2000]');

With our validation rules in place, we can now build in some normal form validation code, as follows:

​function submit_upload() {
​  $this->module('trongate_security');
​  $this->trongate_security->_make_sure_allowed();

​  $submit = post('submit');

​  if ($submit == 'Upload') {
​    //let's do some validation...
    $this->validation_helper->set_rules('my_file', 'file',  'required|allowed_types[txt,csv]|max_size[2000]');    

    $result = $this->validation_helper->run();

    if ($result == true) {
      echo 'well done';
    } else {
      //validation error! Present the form again.

​  }

Just To Let You Know
If any of the code above looks confusing, please check out our documentation for the form validation pipe method.  From that page, you'll find a full explanation of how the code above works and even a video tutorial!

Making Sure File Has Been Submitted

In situations where a user hits 'Upload' without selecting a file, they will be presented with an 'invalid file type' error.  If this is not acceptable then the following IF statement can be added onto the beginning of your submit_upload() class:

        if ($_FILES['my_file']['name'] == '') { 

Just To Let You Know
The IF statement above will redirect the user back to the previous page if no file was selected.

Did You Know?
When you submit a file for uploading, using PHP, a $_FILES superglobal array is created.  You can view the contents of this array with either var_dump($_FILES) or json($_FILES).


If you have a question or a comment relating to anything you've see here, please goto the Help Bar.