in reply to Re: Re: Get vs. POST in CGI.pm
in thread Get vs. POST in CGI.pm

How is the error checking not working? It fails when used with a GET. Which it should since it is impossible to upload a file without using POST and multipart/form-data encoding. upload() returns the filehandle or undef if there was a failure.

Are you saying that upload() always succeeds with POST? What are you trying to cause it to fail? upload does not care about the file name. CGI.pm saves the data in a temporary file. You need to validate the file name if you want; it is accessible through param. 

my $filename = $cgi->param('filename');
my $fh = $cgi->upload('filename');
my $type = $cgi->uploadInfo($filename)->{Content-Type};

[download]

Replies are listed 'Best First'.
Re: Re: Re: Re: Get vs. POST in CGI.pm
by Anonymous Monk on Sep 24, 2003 at 01:50 UTC

    You hit the issue right on:

    Are you saying that upload() always succeeds with POST?

    I tried to make it fail by passing it garbage file names. My understanding was that upload would return undef if it could not create a valid file-handle. And, if the file didn't exist, how could there be a valid file-handle? Instead, though, when I POST upload would return a string containing whatever string I passed in from the HTML form.

    Now, I was able to validate by using either ->{Content-Type} or by using a regex to see if there was a directory trailing (not sure how many OS's do that, so I don't recommend it, but everything I tested did it).

    My question remains, though: why is upload passing me that string instead of undef like the docs seem to say it will?

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom