Stamp_Guy has asked for the wisdom of the Perl Monks concerning the following question:

Hey: I recently was working on modifying an uploading script so it could take multiple files at once, but for some reason, when it "uploads", all it does is create a blank file with the appropriate name in the appropriate directory. Here is my code. Could someone tell me what I'm doing wrong?

PERL CODE: 

#!c:\perl\bin\perl.exe
$| = 1; #Not sure what it does, but it works :) 

#starts the cgi.pm mod 
use CGI qw(:standard); 
$cgi = new CGI; 
#get the form data 
$file1 = $cgi->param('file1'); 
$file2 = $cgi->param('file2');
$file3 = $cgi->param('file3');
$file4 = $cgi->param('file4');
#directory you want to upload to 
$dir = "c:/windows/desktop"; 

push @files, ("$file1","$file2","$file3","$file4");

foreach $file (@files) {
#file_type not necessary but can be useful info 
#if your wanting to limit uploads to a certain 
#type of file 
$file_type = $cgi->uploadInfo($file)->{'Content-Type'}; 

$file=~m/^.*(\\|\/)(.*)/; # strip the remote path and keep the filenam
+e 
$name = $2; 

#My understanding gets real iffy from here on in 
#however it does work in the exact format below 
open(LOCAL, ">$dir/$name") or die $!; #open file 
undef $bytesread; 
undef $buffer; 

# binmode is only necessary on win32 servers but 
#it won't hurt with unix so might as well leave it 
binmode LOCAL; 
while ($bytes = read($file,$buffer,1024)) { 
$bytesread += $bytes; 
print LOCAL $buffer; 
} 
close($file); 
close(LOCAL); 
chmod(0666,"$dir\/$name"); 

print $cgi->header(); #prints the header stuff 

#$bytesread holds the value of the size of the 
#file in bytes. Useful if you want to restrict 
#size of uploaded files 
print "Successful Upload<p>File:$file ($file_type, $bytesread bytes)<B
+R>\n"; 
}
exit; #exit's script

[download]

HTML CODE: 

<HTML>
<HEAD>
    <TITLE>Upload a File Through the WWW</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFF">
<H1><TT><B>File Upload!</B></TT></H1>
<P>
To upload a file through the WWW, fill out the form below:
<form method="POST" action="upload.cgi" ENCTYPE="multipart/form-data">
+ 
<body bgcolor=black text=black> 

File: <input type="file" name="file1"><br> 
File: <input type="file" name="file2"><br> 
File: <input type="file" name="file3"><br> 
File: <input type="file" name="file4"><br> 
<input type="submit" value="UPLOAD"> 
</form> 

</BODY>
</HTML>

[download]

Replies are listed 'Best First'.
Re: Uploading Script Errors
by Fastolfe (Vicar) on Nov 12, 2000 at 00:58 UTC
    Check out the CGI documentation, notably the section devoted to handling file uploads. There are lots of examples there. Basically, you're not reading the file data correctly. 
    my $file1 = $cgi->param('file1');
...
read($file1, $buf, ...);   # $file1 is a file handle!
$line = <$file1>;          # another example

    [download]
    Also, since you are mucking around with files and open calls with user-provided data, I strongly suggest you read perlsec and run your script with taint-checking (-T) enabled.

    In addition, you could use some better error checking with your read call. Check to see if $bytes is defined, and if not, consider that an error and report it as such (with details in $!).

    Hope this helps.

[reply]
[d/l]
[select]
Re: Uploading Script Errors
by chromatic (Archbishop) on Nov 12, 2000 at 01:24 UTC
    I agree with Fastolfe, and think I can diagnose the symptom.

    When you put the filehandles into an array, you're stringifying them, which keeps the name but removes the filehandle magic. I'd rather do this: 

    foreach my $param (qw( file1 file2 file3 file4 )) {
    my $file = $query->param('param');
    # everything else as before
}

    [download]
    This way, you don't have to create extra variables with numeric suffixes (always a bad sign). Another approach would be to use an array to hold these in the beginning, or just get rid of the double quotes around the variables -- that's what's the real problem, I'm sure of it.
[reply]
[d/l]

Back to Seekers of Perl Wisdom