File Upload with CGI (Again)

DougYoung has asked for the wisdom of the Perl Monks concerning the following question:

I am trying ( fr the first time after programming cgi for 20 years) to actualy upload a file using a form and CGI.pm The result of my upload is the right file, in the right place, but empty.

$filename = $query->param("Resume_File");
$filename =~ s/.*[\/\\](.*)/$1/;
$upload_filehandle = $query->upload("Resume_File");
open UPLOADFILE, ">$upload_dir/$filename";

#while ( <$upload_filehandle> )
while ( <$filename> )
{
print UPLOADFILE $_;
}

close UPLOADFILE;
[download]

Any ideas what i am doing wrong?

Update

Solved this... I had missed the mixed multipart thing in the form tag. Working great now DY

Comment on File Upload with CGI (Again) Download Code

Replies are listed 'Best First'.
Re: File Upload with CGI (Again) by Corion (Patriarch) on Jun 01, 2015 at 14:03 UTC
`$filename = $query->param("Resume_File"); $filename =~ s/.[\/\\](.)/$1/; open UPLOADFILE, ">$upload_dir/$filename";` [download] Please, never use user-supplied input to create a filename on the local system. For example the following parameters could overwrite or create other files with content chosen by the user: `Resume_File=/../myscript.pl Resume_File=/./.htaccess` [download] If you think you really, really must create files with the name supplied by the user instead of keeping the "filename" in the database, consider explicitly keeping only a set of known good characters, like `[a-zA-Z0-9\.]` or something. Text::CleanFragment tries to do something like that, but before using it to create things in the filesystem, I would still look at storing the metadata in a database.	[reply] [d/l] [select]
Re: File Upload with CGI (Again) by Anonymous Monk on Jun 01, 2015 at 13:53 UTC
`while ( <$filename> )` That's not right, `<$fh>` needs a filehandle to read from, why did you comment out the preceding line? Have you read "Processing a file upload field" in the documentation?	[reply] [d/l] [select]
Re^2: File Upload with CGI (Again) by DougYoung (Initiate) on Jun 01, 2015 at 14:13 UTC
Because it wasnt working either :)	[reply]
Re: File Upload with CGI (Again) by trippledubs (Deacon) on Jun 01, 2015 at 16:04 UTC
Here is a very simple multiple file upload example using Mojolicious. It is the new CGI-replacing hotness. Mojolicious has built in web server, templating system, easy to scale, no dependencies, logging, sessions, and best of all really easy to use. Re: Handling multiple file upload with Mojo Mojolicious::Guides::Tutorial Is CGI.pm dead? --Updated link	[reply]
Re: File Upload with CGI (Again) by marinersk (Priest) on Jun 01, 2015 at 19:27 UTC
Solved this... I had missed the mixed multipart thing in the form tag. Working great now DY ~~Solved what? There's no question here.~~ You didn't edit away the question, did you? Please don't do that. Part of the point of PerlMonks is that someone else might have the same problem you had, and can find the answer if you leave the question intact. Update: Thank you for reinserting the original question. You have done the world a Service.	[reply]


Do you know where your variables are?
	PerlMonks