Results 1 to 4 of 4

Thread: Need Help - CGI Script for Upload

  1. #1
    Join Date
    Mar 2003

    Need Help - CGI Script for Upload

    I admit upfront I need Help.

    In a nutshell I would like the Client to be able to upload
    from an HTML to My server, an iSERIES (AS/400).

    From doing some reading I think my best bet would be a
    CGI Script.

    I cannot Find any Examples.

    If You cab help me I would Appreciate it.

  2. #2
    Join Date
    Dec 2002
    High on life
    Did you try looking on http://cgi.resourceindex.com? Or, the direct link to file uploading scripts... http://cgi.resourceindex.com/Program...ile_Uploading/

    Personal website http://www.ryanbrill.com/
    Business website: http://www.infinitywebdesign.com/
    TypeSpace http://www.typespace.org/

    I reject your reality and substitute it with my own!

  3. #3
    Join Date
    Jan 2003
    spartanburg, SC, USA
    The script below let you upload a file to your server.
    You have to change the path suitable for the directory on the server.
    The script will store additional to the uploaded file a file which contain the email address of the sender with the extention email.

    Create a form containing a file input an a email input.

    #!/usr/bin/perl -w
    use CGI;
    $upload_dir = "/home/underone/public_html/uploads";
    $query = new CGI;
    $filename = $query->param("photo" );
    $email_address = $query->param("email_address" );
    $filename =~ s/.*[\/\\](.*)/$1/;
    $upload_filehandle = $query->upload("photo" );

    open UPLOADFILE, ">$upload_dir/$filename";
    while (<$upload_filehandle> ) { print UPLOADFILE; }
    close UPLOADFILE;

    open EMAILFILE, ">$upload_dir/$filename.email";
    print EMAILFILE $email_address;
    close EMAILFILE;

    print $query->header();
    print <<END_HTML;
    <P>Thanks for uploading your photo!</P>
    <P>Your email address: $email_address</P>
    <P>Your photo:</P>
    <img src="/upload/$filename" border="0">

  4. #4
    Join Date
    Nov 2002
    NY, USA
    Just a few comments on that script. First, always use strict and taint mode.

    $filename =~ s/.*[\/\\](.*)/$1/;
    Slashes are not the only special characters used by OSs. It is safer to have a list of characters that you know are allowed and remove all else. Or just encode the entire sequence into a hex string.
    $filename =~ tr/a-zA-Z0-9_.//cd;  # -or-
    $filename = unpack 'H*', $filename;
    open UPLOADFILE, ">$upload_dir/$filename";
    while (<$upload_filehandle> ) { print UPLOADFILE; }
    close UPLOADFILE;
    Always check the return value of open. What if two files are uploaded with the same name? The file should be locked. What if they're uploaded at the same time (known as a race condition)? By default files are written to and read from as text. Use binmode so it is treated as binary data.

    print <<END_HTML;
    This isn't valid HTML. Not really a Perl issue, but still should be fixed.

    This isn't doing anything.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center