in reply to Re: perl trouble
in thread Problem with CGI File Upload (was: perl trouble)
    <form action="upload.cgi" method="POST" enctype="multipart/form-data">

assuming of course that your script is called upload.cgi.

Likewise your file field should look something like this:

    <input type="file" name="filename">

If you don't specify your form type with enctype="multipart/form-data" then you'll get your filename in your parameters but no file.
On a separate issue, you're running a big risk by not ensuring that the filename you're creating is unique. If you're uploading resumes, for example, you'll find that many people call their files "resume.doc" and they'll all overwrite each other. The same can be true of photos and other random files.
The link I gave before pointed to code that should have helped there, but I'll write it out for you here too.

    sub uploadfile {
        use strict;          # a good thing to do
        use File::Basename;

        my ($q, %user) = @_;

        # look through all five upload options and
        # save any uploaded files
        for (my $i=1; $i<=5; $i++) {
            my $file = $q->upload("file$i");
            next unless $file;

            # find the filename and its extension
            # ($file stringifies to the client's filename)
            my ($filename, $type) = split '\.', basename($file);

            # untaint the filename and extension
            $filename =~ s/[^A-Za-z0-9_-]//g;
            $type     =~ s/[^A-Za-z0-9_-]//g;

            my $directory = $user{'site_id'};

            # make a unique filename
            # (counter renamed from $i so it no longer shadows the loop variable)
            my $n = 0;
            while(-e "$directory/$filename$n.$type") {
                $n++;
            }

            # this won't write over anything else.
            my $newfilename = "$directory/$filename$n.$type";

            # Write contents of uploaded file to $directory
            open(FILE, "> $newfilename") or die "$!\n";
            binmode FILE;           # uploads may be binary (.doc, photos)
            {
                local $/ = undef;   # slurp mode: read the whole upload at once
                my $uploaded = <$file>;
                print FILE $uploaded;
            }
            close FILE or die "$!";
        }
    }

Using upload() is preferable to using param() because it returns a filehandle which is magical and can act as a string. This means that you can use strict throughout without it complaining about symbolic references.
Hope this helps.
jarich
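
Added example, not part of jarich's post: the `-e` loop in the posted sub tests for a free name and opens it in a separate step, so two uploads arriving together can both pick the same name. The sketch below makes the check and the create a single step with `sysopen` and `O_EXCL`; `save_unique`, the 0640 mode, the 1000-attempt limit and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Errno qw(EEXIST);
use File::Temp qw(tempdir);

# save_unique() is a hypothetical helper: copy the readable handle $in into
# $dir under a sanitised name without ever replacing an existing file.
sub save_unique {
    my ($in, $dir, $client_name) = @_;

    # Browsers may send a full client-side path; keep the last component only.
    (my $leaf = $client_name) =~ s{.*[/\\]}{}s;
    my ($base, $ext) = $leaf =~ /\A(.*?)(?:\.([^.]*))?\z/s;
    $ext = '' unless defined $ext;

    # Same whitelist as the post, plus fallbacks for names that end up empty.
    s/[^A-Za-z0-9_-]//g for $base, $ext;
    $base = 'upload' if $base eq '';
    $ext  = ".$ext"  if $ext ne '';

    for my $n (0 .. 999) {
        my $path = "$dir/$base$n$ext";
        # O_CREAT|O_EXCL fails with EEXIST if the name is taken, so checking
        # and creating are one atomic step.
        if (sysopen(my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0640)) {
            binmode $_ for $in, $out;
            while (read($in, my $chunk, 65536)) {
                print {$out} $chunk or die "write $path: $!";
            }
            close $out or die "close $path: $!";
            return $path;
        }
        die "cannot create $path: $!" unless $! == EEXIST;
    }
    die "no free name for $base$ext in $dir\n";
}

# Constructed demo: two uploads that both claim to be "resume.doc".
my $dir = tempdir(CLEANUP => 1);
for my $body ("first resume\n", "second resume\n") {
    open(my $in, '<', \$body) or die "in-memory open: $!";
    print save_unique($in, $dir, 'C:\\docs\\resume.doc'), "\n";
}
```

The two calls print paths ending in resume0.doc and resume1.doc inside the temporary directory.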