Php form errors array
PHP returns an appropriate error code along with the file array. The error code can be found in the error segment of the file array that is created during the file upload by PHP. In other words, the error might be found in $_FILES[‘userfile’][‘error’] .
UPLOAD_ERR_OK
Value: 0; There is no error, the file uploaded with success.
UPLOAD_ERR_INI_SIZE
Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini .
UPLOAD_ERR_FORM_SIZE
Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.
UPLOAD_ERR_PARTIAL
Value: 3; The uploaded file was only partially uploaded.
UPLOAD_ERR_NO_FILE
Value: 4; No file was uploaded.
UPLOAD_ERR_NO_TMP_DIR
Value: 6; Missing a temporary folder.
UPLOAD_ERR_CANT_WRITE
Value: 7; Failed to write file to disk.
UPLOAD_ERR_EXTENSION
Value: 8; A PHP extension stopped the file upload. PHP does not provide a way to ascertain which extension caused the file upload to stop; examining the list of loaded extensions with phpinfo() may help.
User Contributed Notes 23 notes
Update to Adams old comment.
This is probably useful to someone.
$phpFileUploadErrors = array(
0 => ‘There is no error, the file uploaded with success’ ,
1 => ‘The uploaded file exceeds the upload_max_filesize directive in php.ini’ ,
2 => ‘The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form’ ,
3 => ‘The uploaded file was only partially uploaded’ ,
4 => ‘No file was uploaded’ ,
6 => ‘Missing a temporary folder’ ,
7 => ‘Failed to write file to disk.’ ,
8 => ‘A PHP extension stopped the file upload.’ ,
);
This is a handy exception to use when handling upload errors:
class UploadException extends Exception
<
public function __construct ( $code ) <
$message = $this -> codeToMessage ( $code );
parent :: __construct ( $message , $code );
>
private function codeToMessage ( $code )
<
switch ( $code ) <
case UPLOAD_ERR_INI_SIZE :
$message = «The uploaded file exceeds the upload_max_filesize directive in php.ini» ;
break;
case UPLOAD_ERR_FORM_SIZE :
$message = «The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form» ;
break;
case UPLOAD_ERR_PARTIAL :
$message = «The uploaded file was only partially uploaded» ;
break;
case UPLOAD_ERR_NO_FILE :
$message = «No file was uploaded» ;
break;
case UPLOAD_ERR_NO_TMP_DIR :
$message = «Missing a temporary folder» ;
break;
case UPLOAD_ERR_CANT_WRITE :
$message = «Failed to write file to disk» ;
break;
case UPLOAD_ERR_EXTENSION :
$message = «File upload stopped by extension» ;
break;
default:
$message = «Unknown upload error» ;
break;
>
return $message ;
>
>
// Use
if ( $_FILES [ ‘file’ ][ ‘error’ ] === UPLOAD_ERR_OK ) <
//uploading successfully done
> else <
throw new UploadException ( $_FILES [ ‘file’ ][ ‘error’ ]);
>
?>
if post is greater than post_max_size set in php.ini
$_FILES and $_POST will return empty
This is probably useful to someone.
array(
0 => «There is no error, the file uploaded with success» ,
1 => «The uploaded file exceeds the upload_max_filesize directive in php.ini» ,
2 => «The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form»
3 => «The uploaded file was only partially uploaded» ,
4 => «No file was uploaded» ,
6 => «Missing a temporary folder»
);
?>
I have expanded @adam at gotlinux dot us’s example a bit with proper UPLOAD_FOO constants and gettext support. Also UPLOAD_ERR_EXTENSION is added (was missing in his version). Hope this helps someone.
class Some /**
* Upload error codes
* @var array
*/
private static $upload_errors = [];
public function __construct () // Init upload errors
self :: $upload_errors = [
UPLOAD_ERR_OK => _ ( ‘There is no error, the file uploaded with success.’ ),
UPLOAD_ERR_INI_SIZE => _ ( ‘The uploaded file exceeds the upload_max_filesize directive in php.ini.’ ),
UPLOAD_ERR_FORM_SIZE => _ ( ‘The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.’ ),
UPLOAD_ERR_PARTIAL => _ ( ‘The uploaded file was only partially uploaded.’ ),
UPLOAD_ERR_NO_FILE => _ ( ‘No file was uploaded.’ ),
UPLOAD_ERR_NO_TMP_DIR => _ ( ‘Missing a temporary folder.’ ),
UPLOAD_ERR_CANT_WRITE => _ ( ‘Cannot write to target directory. Please fix CHMOD.’ ),
UPLOAD_ERR_EXTENSION => _ ( ‘A PHP extension stopped the file upload.’ ),
];
>
>
?>
Clarification on the MAX_FILE_SIZE hidden form field and the UPLOAD_ERR_FORM_SIZE error code:
PHP has the somewhat strange feature of checking multiple «maximum file sizes».
The two widely known limits are the php.ini settings «post_max_size» and «upload_max_size», which in combination impose a hard limit on the maximum amount of data that can be received.
In addition to this PHP somehow got implemented a soft limit feature. It checks the existance of a form field names «max_file_size» (upper case is also OK), which should contain an integer with the maximum number of bytes allowed. If the uploaded file is bigger than the integer in this field, PHP disallows this upload and presents an error code in the $_FILES-Array.
The PHP documentation also makes (or made — see bug #40387 — http://bugs.php.net/bug.php?id=40387) vague references to «allows browsers to check the file size before uploading». This, however, is not true and has never been. Up til today there has never been a RFC proposing the usage of such named form field, nor has there been a browser actually checking its existance or content, or preventing anything. The PHP documentation implies that a browser may alert the user that his upload is too big — this is simply wrong.
Please note that using this PHP feature is not a good idea. A form field can easily be changed by the client. If you have to check the size of a file, do it conventionally within your script, using a script-defined integer, not an arbitrary number you got from the HTTP client (which always must be mistrusted from a security standpoint).
When uploading a file, it is common to visit the php.ini and set up upload_tmp_dir = /temp but in the case of some web hostess as fatcow you need to direct not only /tmp but upload_tmp_dir = /hermes/walnaweb13a/b345/moo.youruser/tmp
If not the $_FILES show you an error #6 «Missing a temporary folder
UPLOAD_ERR_PARTIAL is given when the mime boundary is not found after the file data. A possibly cause for this is that the upload was cancelled by the user (pressed ESC, etc).
One thing that is annoying is that the way these constant values are handled requires processing no error with the equality, which wastes a little bit of space. Even though «no error» is 0, which typically evaluates to «false» in an if statement, it will always evaluate to true in this context.
So, instead of this:
——
if( $_FILES [ ‘userfile’ ][ ‘error’ ]) <
// handle the error
> else <
// process
>
?>
——
You have to do this:
——
if( $_FILES [ ‘userfile’ ][ ‘error’ ]== 0 ) <
// process
> else <
// handle the error
>
?>
——
Also, ctype_digit fails, but is_int works. If you’re wondering. no, it doesn’t make any sense.
You ask the question: Why make stuff complicated when you can make it easy? I ask the same question since the version of the code you / Anonymous / Thalent (per danbrown) have posted is unnecessary overhead and would result in a function call, as well as a potentially lengthy switch statement. In a loop, that would be deadly. try this instead:
——
$error_types = array(
1 => ‘The uploaded file exceeds the upload_max_filesize directive in php.ini.’ ,
‘The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.’ ,
‘The uploaded file was only partially uploaded.’ ,
‘No file was uploaded.’ ,
6 => ‘Missing a temporary folder.’ ,
‘Failed to write file to disk.’ ,
‘A PHP extension stopped the file upload.’
);
// Outside a loop.
if( $_FILES [ ‘userfile’ ][ ‘error’ ]== 0 ) <
// process
> else <
$error_message = $error_types [ $_FILES [ ‘userfile’ ][ ‘error’ ]];
// do whatever with the error message
>
// In a loop.
for( $x = 0 , $y = count ( $_FILES [ ‘userfile’ ][ ‘error’ ]); $x < $y ;++ $x ) <
if( $_FILES [ ‘userfile’ ][ ‘error’ ][ $x ]== 0 ) <
// process
> else <
$error_message = $error_types [ $_FILES [ ‘userfile’ ][ ‘error’ ][ $x ]];
// Do whatever with the error message
>
>
// When you’re done. if you aren’t doing all of this in a function that’s about to end / complete all the processing and want to reclaim the memory
unset( $error_types );
?>
How to validate HTML forms using PHP.
In this guide, we are going to show you how to validate HTML forms using PHP.
Whether you like it or not, forms are a major part of every web developer’s life.
If you think about it, most of what we do is based on receiving and validating data that has been sent to us by the client.
To sum it up, we receive data, we validate it, and then we tell our application how to react.
Example HTML form.
We are going to try and keep this as simple as possible.
Below is an example of a very basic HTML form:
Note that we have three fields:
Validating forms with PHP.
In this form, there are four fields that we need to pay attention to.
Their names are “name”, “email”, “extra_info” and “submit.”
That means that we will be dealing with four POST variables called “name”, “email”, “extra_info” and “submit.”
To figure out whether the user has submitted the form, we can use the following piece of code:
In the above example, the isset function checks to see if a POST variable called “submit” exists. If it does exist, then we presume that the user has submitted the form.
To get the values of our text fields, we can do something like this:
In the above snippet, we are using the ternary operator, which basically equates to:
$variableName = (TRUE OR FALSE CONDITION) ? (IF TRUE, DO THIS) : (IF FALSE, DO THIS)
Without using ternary operators, our code would look something like this:
if(isset($_POST['submit'])) < $name = null; if(isset($_POST['name']))< $name = $_POST['name']; >$email = null; if(isset($_POST['email'])) < $email = $_POST['email']; >$extraInfo = null; if(isset($_POST['extra_info'])) < $extraInfo = $_POST['extra_info']; >>
Note that we’re using isset because there is no guarantee that these form fields will exist.
If you attempt to access a POST variable that does not exist, it will cause an undefined index warning.
When doing basic form validation with PHP, it can be useful to set up an errors array that will hold any UI errors that you want to display to the end user.
//Create an empty array. $errors = array(); //If our form has been submitted. if(isset($_POST['submit']))< //Validate our fields and add errors to the $errors array. >
As you can see, $errors is an empty array. It will only contain items if the user has made a mistake.
If the user does fill out the form correctly, then our $errors array will be empty. If the array is not empty, then we can presume that the user has entered an incorrect value:
//Setup an empty array. $errors = array(); //If our form has been submitted. if(isset($_POST['submit'])) < //Get the values of our form fields. $name = isset($_POST['name']) ? $_POST['name'] : null; $email = isset($_POST['email']) ? $_POST['email'] : null; $extraInfo = isset($_POST['extra_info']) ? $_POST['extra_info'] : null; //Check the name and make sure that it isn't a blank/empty string. if(strlen(trim($name)) === 0)< //Blank string, add error to $errors array. $errors[] = "You must enter your name!"; >//Make sure that the email address is valid. if(!filter_var($email, FILTER_VALIDATE_EMAIL)) < //$email is not a valid email. Add error to $errors array. $errors[] = "That is not a valid email address!"; >>
In the above example, you can see that UI errors are added to the $errors array if the user enters a blank/empty name or an invalid email address.
We can use this array to our advantage:
//Setup an empty array. $errors = array(); //If our form has been submitted. if(isset($_POST['submit'])) < //Get the values of our form fields. $name = isset($_POST['name']) ? $_POST['name'] : null; $email = isset($_POST['email']) ? $_POST['email'] : null; $extraInfo = isset($_POST['extra_info']) ? $_POST['extra_info'] : null; //Check the name and make sure that it isn't a blank/empty string. if(strlen(trim($name)) === 0)< //Blank string, add error to $errors array. $errors[] = "You must enter your name!"; >//Make sure that the email address is valid. if(!filter_var($email, FILTER_VALIDATE_EMAIL)) < //$email is not a valid email. Add error to $errors array. $errors[] = "That is not a valid email address!"; >//If our $errors array is empty, we can assume that everything went fine. if(empty($errors)) < //Send email or insert data into database. >>
If you look at the code above, you can see that the form is only processed IF the $errors array is empty. Otherwise, the form data is discarded.
Displaying errors to the user.
Finally, how do we display form errors to the user?
Error(s)!'; foreach($errors as $errorMessage)< echo $errorMessage . '
'; > > ?>
Basically, if the $errors array isn’t empty, then it means that the form didn’t validate properly.