in reply to Re: email and upload
in thread email and upload

This is almost correct....the value of $query->param('file') is a filehandle to the file to be uploaded, which in scalar context yields the name of the file. From my limited experience (under SpeedyCGI on Linux), the file isn't even uploaded at the point you do that, but only when you try to read from the filehandle.

From the CGI manpage:

When the form is processed, you can retrieve the entered filename by calling param(): 
       $filename = $query->param('uploaded_file');

[download]

Different browsers will return slightly different things for the name. Some browsers return the filename only. Others return the full path to the file, using the path conventions of the user's machine. Regardless, the name returned is always the name of the file on the user's machine, and is unrelated to the name of the temporary file that CGI.pm creates during upload spooling (see below).

The filename returned is also a file handle. You can read the contents of the file using standard Perl file reading calls: 

    # Read a text file and print it out
    while (<$filename>) {
       print;
    }    # Copy a binary file to somewhere safe
    open (OUTFILE,">>/usr/local/web/users/feedback");
    while ($bytesread=read($filename,$buffer,1024)) {
       print OUTFILE $buffer;
    }

[download]

However, there are problems with the dual nature of the upload fields. If you use strict, then Perl will complain when you try to use a string as a filehandle. You can get around this by placing the file reading code in a block containing the no strict pragma. More seriously, it is possible for the remote user to type garbage into the upload field, in which case what you get from param() is not a filehandle at all, but a string.

To be safe, use the upload() function (new in version 2.47). When called with the name of an upload field, upload() returns a filehandle, or undef if the parameter is not a valid filehandle. 

     $fh = $query->upload('uploaded_file');
     while (<$fh>) {
       print;
     }

[download]

In an array context, upload() will return an array of filehandles. This makes it possible to create forms that use the same name for multiple upload fields.

This is the recommended idiom.

When a file is uploaded the browser usually sends along some information along with it in the format of headers. The information usually includes the MIME content type. Future browsers may send other information as well (such as modification date and size). To retrieve this information, call uploadInfo(). It returns a reference to an associative array containing all the document headers. 

       $filename = $query->param('uploaded_file');
       $type = $query->uploadInfo($filename)->{'Content-Type'};
       unless ($type eq 'text/html') {
      die "HTML FILES ONLY!";
       }

[download]

If you are using a machine that recognizes "text" and "binary" data modes, be sure to understand when and how to use them (see the Camel book). Otherwise you may find that binary files are corrupted during file uploads.

Sorry for the long excerpt.

--roundboy

In Section Seekers of Perl Wisdom