in reply to File access

When you request a file via <input type="file" name="f1"/>, what you get back in your parameters is browser dependent. IE7 (and IE8?) sends the full local path name. Firefox only sends back a relative local path name. So this isn't likely a CGI problem at all. Some developers feel that providing the full path name might violate your privacy and make your machine less secure. If "MyData.xml" is stored in "C:/Hotties/MyPics/MyData.xml" or "C:/HouseholdFinances/MyData.xml", you might not be terribly happy sending the absolute path to the server at your company or that new file sharing site you are trying out.

I don't do much web work, but there are various solutions posted across the internet. According to the standard for the input tag's FILE type (see RFC 1867), the browser is supposed to send the file contents to the server as the MIME type "multipart/form-data". The file name is in fact optional and the only requirement in the RFC is that enough of the name should be sent so that cross linked files can be properly cross referenced. The RFC is a bit vague on what exactly that means. Apparently support for the RFC tends to vary among browsers. You can get details on support per browser and various alternatives at http://www.cs.tut.fi/~jkorpela/forms/file.html.

One option is to skip the <input> tag altogether and use some custom client-side JavaScript to prompt the user and send the full path. However, some users disable JavaScript as a matter of policy, so you'll need to check with your users if you go that route.

Hopefully, monks with more practical experience than I will post and explain what they have found worked for them.

Best, beth

Update: CGI's upload() method returns a file handle to a stream containing the file contents. Please see CGI for details (search for the phrase: To be safe, use the upload() function). If you need more, Unforgiven's link in the note above also has examples of what works and what doesn't.

Re^2: File access
by proceng (Scribe) on Sep 07, 2009 at 20:22 UTC
    When you request a file via <input type="file" name="f1"/>, what you get back in your parameters is browser dependent. IE7 (and IE8?) sends the full local path name. Firefox only sends back a relative local path name. So this isn't likely a CGI problem at all. Some developers feel that providing the full path name might violate your privacy and make your machine less secure.
    Also, if the full filename is passed, your machine (or the source machine) may not have access to the directory. This is for security purposes. You are usually better served by deciding in advance where files are to be stored and setting permissions appropriately:
    • Read only for source directories and files
    • Write (only) for target directories (if system wide)
    • Read/Write for target directories owned by the target user
    This way, the client side can upload (but not download or view) files on the source. The client can download to permitted locations on the client side system. The client can do whatever they want in their own file structure.
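The two points made in this thread, combined in an added Perl example (not code from either poster): the server reduces whatever name the browser sent to a base name, reads the content through CGI's upload() handle, and writes only into a directory decided in advance. The path in `$UPLOAD_DIR` and the helper names `safe_basename` and `save_upload` are assumptions made for illustration; the sample names in the command-line branch are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;

# Assumption: a directory chosen in advance, writable by the web server user only.
my $UPLOAD_DIR = '/var/www/uploads';    # hypothetical path

# Reduce whatever name the browser sent to a safe base name. Works for a
# full Windows path, a Unix path, or a bare file name.
sub safe_basename {
    my ($client_name) = @_;
    return unless defined $client_name;
    my $name = "$client_name";           # CGI.pm returns an object; force a string
    $name =~ s{.*[/\\]}{}s;              # drop any directory part, either separator
    $name =~ s/[^A-Za-z0-9._-]/_/g;      # allow-list of characters
    $name =~ s/^\.+//;                   # no leading dots (hidden files, "..")
    return length($name) ? $name : undef;
}

# Copy the uploaded content into $UPLOAD_DIR; returns the stored path or undef.
sub save_upload {
    my ($q, $field) = @_;
    my $fh   = $q->upload($field) or return;    # handle to the file contents
    my $name = safe_basename(scalar $q->param($field)) or return;
    my $dest = File::Spec->catfile($UPLOAD_DIR, $name);
    # O_EXCL: fail rather than overwrite a file that already exists
    sysopen(my $out, $dest, O_WRONLY | O_CREAT | O_EXCL, 0640) or return;
    binmode $out;
    my $buf;
    while (read($fh, $buf, 8192)) { print {$out} $buf }
    close $out or return;
    return $dest;
}

if ($ENV{REQUEST_METHOD}) {              # running under a web server
    require CGI;
    my $q = CGI->new;
    my $stored = save_upload($q, 'f1');  # 'f1' is the field name from the post above
    print $q->header('text/plain'), ($stored ? "stored\n" : "upload rejected\n");
} else {                                 # command line: constructed sample names
    for my $sent ('C:\Hotties\MyPics\MyData.xml', 'MyData.xml', '../../etc/passwd', '...') {
        my $safe = safe_basename($sent);
        printf "%-32s -> %s\n", $sent, defined $safe ? $safe : '(rejected)';
    }
}
```

Because the stored name never depends on the directory part of what the client sent, the script behaves the same whether the browser supplies a full path or only the file name.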