Let’s say you have an HTML form with 3 file inputs named certificate[], and you want to make them all required. Should be pretty easy, right?
A reasonable approach might be to use the array dot notation in your validation rules:
<?php
$rules = [
'certificate.*' => [
'required',
],
];
This does not work as expected, however. Why? If a file upload is empty, it’s not even part of the Laravel Request that gets validated by your rules. The certificate.* rule means “for every element in the certificate array, that element should be required”, but if certificate doesn’t even exist on your Request, then this rule will pass.
Let’s figure out what’s going on. First thing to check: what is the browser doing? Maybe it’s not even sending in the form field as part of its request if the file upload is empty. Checking my browser’s Network tab, I see that the form fields are indeed present:
Next, what about PHP? Does it include empty files in the $_FILES superglobal? Sure enough, $_FILES contains a certificate array with 3 elements, one for each of my empty file inputs:
array:1 [▼
"certificate" => array:5 [▼
"name" => array:3 [▶]
"type" => array:3 [▶]
"tmp_name" => array:3 [▶]
"error" => array:3 [▶]
"size" => array:3 [▶]
]
]
Let’s also add an array of 3 empty text inputs called name[] and look at the Laravel Request object:
// output of $request->input()
array:2 [▼
"_token" => "eSGJ05lCLWLFZ1zCGxlP2rYxgy7FyZT6Yg8Fjawa"
"name" => array:3 [▼
0 => null
1 => null
2 => null
]
]
// output of $request->file()
[]
So an array of empty text fields is present in the request, but our array of empty file inputs is nowhere to be found. Why does it disappear?
If we dig into how a Request is created, we find our answer. When a Request is initialized, it is passed in all the PHP-provided super globals like $_GET, $_POST, $_FILES, and so on. Internally, that $_FILES parameter is initialized as a Symfony FileBag object. When that FileBag is initialized, each element is passed through the convertFileInformation function. Among other things, it restructures this array into a more consistent shape, but notice this relevant bit of code:
<?php
if (\UPLOAD_ERR_NO_FILE == $file['error']) {
$file = null;
} else {
$file = new UploadedFile($file['tmp_name'], $file['name'], $file['type'], $file['error'], false);
}
Even though PHP has all the empty file objects in $_FILES, each one of them has an error value set to 4, which matches the UPLOAD_ERR_NO_FILE constant and therefore the initialized FileBag is empty. Finally, we’ve found it! This is the spot where those files disappear!
I’m sure you found this as interesting as I did, but let’s get back to the original validation scenario. We have a form with an array of 3 file inputs, and we want all of them to be required. How do we do this?
<?php
$rules = [
'certificate' => [
'required',
'array',
'size:3',
],
'certificate.*' => [
// any other sort of file validation we want to do on each element
'file',
'mimes:pdf',
'size:4096',
]
]
By pairing a set of rules on the main array as well as using dot notation to set rules on each array element, we get the validation behavior we want.