Matt Sergeant wrote:
>
> On Thu, 19 Oct 2000, Alexander Farber (EED) wrote:
>
> > How do you handle uploading files when using multi-paged
> > forms (for example entered text and a picture are previewed
> > before storing into the database and special directory)?
> >
> > Uploaded files can't be passed as hidden fields, right?
> > So do you let your users to upload the same file several
> > times and then delete the temporary files with a cron job?
>
> Not multiple times, but let them upload and store in a temp file, which
> you can store the filename as a hidden field. Use File::MkTemp to create
> the filenames.
And make sure you check its validity, so people can't start probing
other parts of your file system.
--
Tim Sweetman
A L Digital
"we will fix it, we will mend it" --- the mice, _Bagpuss_
