You really need to clean up how you output your HTML. The simplest method -- and the one that most Perl programmers start with -- is to use a here document.
print <<END_HTML; <HTML> <HEAD></HEAD> <BODY BACKGROUND="/Assets/Backdrop.gif"> <FORM NAME="Recieve" ENCTYPE="multipart/form-data" ACTION="_main.p +l" METHOD="POST" TARGET="MAIN"> <INPUT TYPE="hidden" NAME="Function" VALUE="Recieve"> <INPUT TYPE="hidden" NAME="UserID" VALUE="$gBuffer[1]"> <INPUT TYPE="hidden" NAME="Signature" VALUE="gBuffer[2]"> <INPUT TYPE="hidden" NAME="Password" VALUE="$gBuffer[3]"> <INPUT TYPE="hidden" NAME="Message" VALUE="$gBuffer[4]"> <TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="345"> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"><IMG SRC="/Assets/clearpixel.gif" BORDER +="0"> </TD> </TR> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"> <FONT COLOR="#FFFF99">The Full Sized (640x480) Picture:< +/FONT> </p> </TD> </TR> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"> <INPUT TYPE="FILE" NAME="AUT_File" SIZE="25" MAXLENGTH=" +25"> </p> </TD> </TR> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"> <FONT COLOR="#FFFF99">The Small Sized (80x60) Thumbnail: +</FONT> </p> </TD> </TR> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"> <INPUT TYPE="FILE" NAME="THM_File" SIZE="25" MAXLENGTH=" +25"> </p> </TD> </TR> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"> <IMG SRC="/Assets/clearpixel.gif" BORDER="0"> </p> </TD> </TR> <TR VALIGN="TOP" ALIGN="LEFT"> <TD WIDTH="345"> <P ALIGN="CENTER"> <INPUT TYPE="submit" VALUE="Upload"> </p> </TD> </TR> </TABLE> </FORM> </BODY> </HTML> END_HTML
This is much easier to read and only took me a couple of minutes to reformat with a proper editor.
prinet wrote:
when i return to my program with the data from the form i can't seem to find the info (even the hidden stuff for direction).
I'm not sure I understand the question. To get the form data, use the CGI.pm param() method:
use CGI qw/:standard/; my $function = param( 'Function' ); my $userID = param( 'UserID' ); my $signature = param( 'Signature' ); my $password = die "Don't pass passwords to HTML";
Why are you storing the password in a hidden field in the HTML? It's impossible to stop someone from reading it. Please read this basic overview of Web security for more information. Plus, if you read the rest of the course, it should answer many of the questions that you have. For info on uploading files, read the CGI.pm documentation for creating a file upload field. It also describes to to process the file upload.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.
In reply to (Ovid - big security hole) Re: file uploads
by Ovid
in thread file uploads
by PriNet
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |