File upload 0 bytes

[tdavis]

This uploads the file but the file has 0 bytes. I know it should work because I have done the exact same thing in other scripts. But this one will not work. I have ENCTYPE in the form (see below), so that is not the problem. Does anyone see anything wrong with this?

<form ENCTYPE="multipart/form-data" action="customerm2.cgi" method="post" name="customerm">

$query = new CGI;
$cgi = new CGI;

$directory_name = $query->param('directory_name');
$photo1 = $query->param('photo1');

print $cgi->header(-type=>'text/html');

if ($photo1 ne "") {
$upload_dir = "../gallery/$directory_name/";
$photo_name = $photo1;
$photo_name =~ s/^.*(\\|\/)//g;
if($photo_name){
open(OUT, ">>$upload_dir/$photo_name") || die print "Fail to upload: $!";
while(<$photo_name>) {
print OUT;
}
close(OUT);
}
}

Thanks!
-tdavis

[CyCo]

You've got a couple of fundamental elements missing.

Code:

$query = new CGI;
#$cgi = new CGI; <- NOT NEEDED - Only using one CGI object

$directory_name = $query->param('directory_name');
$photo1 = $query->param('photo1');

if ($photo1 ne "") {
$upload_dir = "$directory_name/";
$photo_name = $photo1;
$photo_name =~ s/^.*(\\|\/)//g;
if($photo_name){
my $upload = $query->upload('photo1');
open(OUT, ">$upload_dir/$photo_name") || die "Failed to upload: $!"; 
binmode OUT; #Utilizes binary mode for Windows machines
while(<$upload>) {
print OUT;
}
close(OUT);
}
}
print $query->header, "DONE";

I'd recommend that you use the strict pragma and also validate your directory_name input.