> If there is a better way I am very interested in learning it.  I am a
> very basic programmer.

The CGI.pm docs say:

 To be safe, use the upload() function (new in version
       2.47).  When called with the name of an upload field,
       upload() returns a filehandle, or undef if the parameter
       is not a valid filehandle.

            $fh = $query->upload('uploaded_file');
            while (<$fh>) {
                  print;
            }

       This is the recommended idiom.
(end quote)

Offhand, I'm not sure what is wrong with your code.  Here's a segment
from a program I have that does it.  Note that Taint checking is your
friend, and that you should be very careful what you let the user pass
through:

use IO::File;   # needed for IO::File->new below

sub Upload_File {
  my $self = shift;
  my $q = $self->query();
  my $tainted_filename = $q->param('Incoming_File');
  return $self->Default_Page() unless $tainted_filename;
  # The client-supplied name is echoed into HTML messages, so escape it first
  my $shown_filename = $q->escapeHTML($tainted_filename);
  my $untainted_filename = $tainted_filename;
  $untainted_filename=~s/.*[\/\\]//;   # strip any directory part
  # '-' moved to the end of the class so it is a literal, not a range
  ($untainted_filename) = $untainted_filename =~ /([\w][\w. -]*)/; #detaint
  if($untainted_filename){
    my $fh = $q->upload('Incoming_File');
    if (not $fh){
      $self->append('Message',"$shown_filename had an error<br>");
    } else {
      my $outputfh = IO::File->new();
      my $path = $self->param('Base_Directory').$untainted_filename;
      # Pass the mode separately instead of gluing ">" onto the name
      if ($outputfh->open($path, '>')){
        binmode $fh;         # uploads may be binary
        binmode $outputfh;
        while(my $line = <$fh>){
          print $outputfh $line;
        }
        $outputfh->close();
        chmod 0664, $path;
        $self->append('Message',"$shown_filename uploaded as $untainted_filename<br>");
      } else {
        $self->append('Message',"Could not open $untainted_filename<br>");
      }
    }
  } else {
    $self->append('Message',"File error on $shown_filename<br>");
  }
  $self->Default_Page();
}

Upload_File is one of my run-modes.  Note that the append() function is my
own.  I also have a few parameters (Base_Directory) that have been set up
in advance.

I can't guarantee this is bug free, but it works for me.
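
Added example, not part of the original message or of CGI.pm: a stand-alone script that runs the filename pattern from the message next to a stricter whole-string variant over constructed client-supplied names, to show which hostile names get silently truncated and which get rejected. The function names posted_detaint and strict_detaint and the 100-character limit are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Strip any Unix or Windows directory part, as the message's code does.
sub basename_only {
    my ($raw) = @_;
    (my $base = $raw) =~ s{.*[/\\]}{}s;
    return $base;
}

# The pattern from the message (with '-' written last in the class).
# It is unanchored, so it keeps the first acceptable run and drops the rest.
sub posted_detaint {
    my ($raw) = @_;
    my ($clean) = basename_only($raw) =~ /(\w[\w. -]*)/;
    return $clean;
}

# Stricter variant (hypothetical): the whole basename must match, so a name
# with any unexpected character is rejected instead of being cut short.
# \A and \z also refuse an embedded or trailing newline.
sub strict_detaint {
    my ($raw) = @_;
    my ($clean) = basename_only($raw) =~ /\A(\w[\w. -]{0,99})\z/;
    return $clean;    # a regex capture is untainted under -T
}

# Constructed sample names, as a browser or a hostile client might send them.
my @samples = (
    'report.txt',
    'C:\\Users\\me\\My Photo.jpg',
    '../../etc/passwd',
    '.htaccess',
    "evil.txt\n.cgi",
    'a|b.txt',
);

printf "%-28s %-16s %s\n", 'client name', 'posted pattern', 'strict pattern';
for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible in output
    my ($p, $s) = (posted_detaint($raw), strict_detaint($raw));
    printf "%-28s %-16s %s\n", $shown,
        defined $p ? $p : '(rejected)',
        defined $s ? $s : '(rejected)';
}
```

Both variants confine the result to a bare file name inside the upload directory; they differ only in whether an unexpected character truncates the name or rejects the upload.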



