http://www.perlmonks.org?node_id=148044

PriNet has asked for the wisdom of the Perl Monks concerning the following question:

ovid sent me an "off the top" example how to upload files a couple days ago, to which i have implemented, and obviously it's sending the files (judging by time from page to page). this has helped me get started real good... now... when i return to my program with the data from the form i can't seem to find the info (even the hidden stuff for direction). can someone clue me in to how i process these files (after the files have been selected and "submitted") on the 'return' loop?

print STDOUT "Content-Type: text/html\n\n";
print STDOUT "<HTML>\n";
print STDOUT "<HEAD>\n";
print STDOUT "</HEAD>\n";
print STDOUT "<BODY BACKGROUND=\"/Assets/Backdrop.gif\">\n";
print STDOUT "<FORM NAME=\"Recieve\" ENCTYPE=\"multipart/form-data\" ACTION=\"_main.pl\" METHOD=POST TARGET=\"MAIN\">\n";
print STDOUT "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH=345>\n";
print STDOUT "<INPUT TYPE=\"hidden\" NAME=\"Function\" VALUE=\"Recieve\">\n";
print STDOUT "<INPUT TYPE=\"hidden\" NAME=\"UserID\" VALUE=\"$gBuffer[1]\">\n";
print STDOUT "<INPUT TYPE=\"hidden\" NAME=\"Signature\" VALUE=\"gBuffer[2]\">\n";
print STDOUT "<INPUT TYPE=\"hidden\" NAME=\"Password\" VALUE=\"$gBuffer[3]\">\n";
print STDOUT "<INPUT TYPE=\"hidden\" NAME=\"Message\" VALUE=\"$gBuffer[4]\">\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<IMG SRC=\"/Assets/clearpixel.gif\" BORDER=0>\n";
print STDOUT "</TD></TR>\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<FONT COLOR=\"#FFFF99\">The Full Sized (640x480) Picture:</FONT>\n";
print STDOUT "</TD></TR>\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<INPUT TYPE=FILE NAME=\"AUT_File\" SIZE=25 MAXLENGTH=25>\n";
print STDOUT "</TD></TR>\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<FONT COLOR=\"#FFFF99\">The Small Sized (80x60) Thumbnail:</FONT>\n";
print STDOUT "</TD></TR>\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<INPUT TYPE=FILE NAME=\"THM_File\" SIZE=25 MAXLENGTH=25>\n";
print STDOUT "</TD></TR>\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<IMG SRC=\"/Assets/clearpixel.gif\" BORDER=0>\n";
print STDOUT "</TD></TR>\n";
print STDOUT "<TR VALIGN=TOP ALIGN=LEFT><TD WIDTH=345><P ALIGN=CENTER>\n";
print STDOUT "<INPUT TYPE=\"submit\" VALUE=\"Upload\">\n";
print STDOUT "</TD></TR>\n";
print STDOUT "</TABLE>\n";
print STDOUT "</FORM>\n";
print STDOUT "</BODY>\n";
print STDOUT "</HTML>\n";

thanx a gigabyte for everyone's help learning here....

Replies are listed 'Best First'.
(Ovid - big security hole) Re: file uploads
by Ovid (Cardinal) on Feb 27, 2002 at 22:10 UTC

    You really need to clean up how you output your HTML. The simplest method -- and the one that most Perl programmers start with -- is to use a here document.

    print <<END_HTML;
    <HTML>
    <HEAD></HEAD>
    <BODY BACKGROUND="/Assets/Backdrop.gif">
    <FORM NAME="Recieve" ENCTYPE="multipart/form-data" ACTION="_main.pl" METHOD="POST" TARGET="MAIN">
      <INPUT TYPE="hidden" NAME="Function" VALUE="Recieve">
      <INPUT TYPE="hidden" NAME="UserID" VALUE="$gBuffer[1]">
      <INPUT TYPE="hidden" NAME="Signature" VALUE="gBuffer[2]">
      <INPUT TYPE="hidden" NAME="Password" VALUE="$gBuffer[3]">
      <INPUT TYPE="hidden" NAME="Message" VALUE="$gBuffer[4]">
      <TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="345">
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER"><IMG SRC="/Assets/clearpixel.gif" BORDER="0">
          </TD>
        </TR>
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER">
              <FONT COLOR="#FFFF99">The Full Sized (640x480) Picture:</FONT>
            </p>
          </TD>
        </TR>
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER">
              <INPUT TYPE="FILE" NAME="AUT_File" SIZE="25" MAXLENGTH="25">
            </p>
          </TD>
        </TR>
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER">
              <FONT COLOR="#FFFF99">The Small Sized (80x60) Thumbnail:</FONT>
            </p>
          </TD>
        </TR>
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER">
              <INPUT TYPE="FILE" NAME="THM_File" SIZE="25" MAXLENGTH="25">
            </p>
          </TD>
        </TR>
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER">
              <IMG SRC="/Assets/clearpixel.gif" BORDER="0">
            </p>
          </TD>
        </TR>
        <TR VALIGN="TOP" ALIGN="LEFT">
          <TD WIDTH="345">
            <P ALIGN="CENTER">
              <INPUT TYPE="submit" VALUE="Upload">
            </p>
          </TD>
        </TR>
      </TABLE>
    </FORM>
    </BODY>
    </HTML>
    END_HTML

    This is much easier to read and only took me a couple of minutes to reformat with a proper editor.

    prinet wrote:

    when i return to my program with the data from the form i can't seem to find the info (even the hidden stuff for direction).

    I'm not sure I understand the question. To get the form data, use the CGI.pm param() method:

    use CGI qw/:standard/;
    my $function  = param( 'Function' );
    my $userID    = param( 'UserID' );
    my $signature = param( 'Signature' );
    my $password  = die "Don't pass passwords to HTML";

    Why are you storing the password in a hidden field in the HTML? It's impossible to stop someone from reading it. Please read this basic overview of Web security for more information. Plus, if you read the rest of the course, it should answer many of the questions that you have. For info on uploading files, read the CGI.pm documentation for creating a file upload field. It also describes how to process the file upload.

    Cheers,
    Ovid

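An added example, not part of Ovid's reply or of the original thread: one way the receiving side of this form could read the hidden fields with `param()` and the two files with `upload()`, as the CGI.pm documentation describes. The field names come from the form above; the size cap, the upload directory, the UserID pattern and the choice to leave the Password field unread are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Limits must be set before CGI->new parses the request body.
$CGI::POST_MAX        = 2 * 1024 * 1024;    # assumed cap: 2 MB per request
$CGI::DISABLE_UPLOADS = 0;
my $UPLOAD_DIR = '/var/data/uploads';       # assumed directory outside the web root

my $q = CGI->new;
sub reject { print $q->header( -status => '400 Bad Request' ), "$_[0]\n"; exit }

if ( my $err = $q->cgi_error ) {            # e.g. "413 Request entity too large"
    print $q->header( -status => $err ), "Upload rejected: $err\n";
    exit;
}

# Hidden fields arrive as ordinary parameters, even with multipart/form-data.
my $function = $q->param('Function') // '';
my $user_id  = $q->param('UserID')   // '';
# The Password field is deliberately not read (assumption: server-side auth).
reject('unexpected Function') unless $function eq 'Recieve';

# UserID ends up in a file name, so accept only a strict pattern (assumed format).
my ($safe_id) = $user_id =~ /\A([A-Za-z0-9_]{1,32})\z/ or reject('bad UserID');

for my $field (qw(AUT_File THM_File)) {
    my $fh = $q->upload($field) or reject("missing $field");
    binmode $fh;
    read( $fh, my $head, 8 ) or reject("empty $field");
    # Check magic bytes (JPEG, GIF, PNG) instead of trusting the client file name.
    $head =~ /\A(?:\xFF\xD8\xFF|GIF8[79]a|\x89PNG\r\n\x1A\n)/
        or reject("$field is not an image");
    # Server-chosen name; O_EXCL refuses to overwrite an existing file.
    my $path = "$UPLOAD_DIR/$safe_id-$field-" . time . '-' . $$ . '.img';
    sysopen( my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0640 )
        or die "cannot create $path: $!";
    binmode $out;
    print {$out} $head;
    while ( read( $fh, my $buf, 8192 ) ) { print {$out} $buf }
    close $out or die "close failed: $!";
}

print $q->header('text/plain'), "Stored uploads for $safe_id\n";
```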

      if it isn't obvious? i am new to perl... thanx for the format scheme...MUCH easier to read...(lol)... i'll attack the cgi.pm issue when i get home tonight and see how that works. will it create a conflict if i read the posted form data prior to using the cgi.pm? my script returns to itself numerous times with different "functions". (oh...btw? i dont "GET" passwords...(*heh*) only POST them...i'm aware of the ?data=test carries the data in the url...not too secure...lol...it gets blanked then reread from the members file by userid....) thanx again...lemmie try to crash my server tonight with the new info.....
        addendum:: i read your security info... POST can be extracted as well when it's read from a userfile for comparison when posted into the script? hmmm... be aware gary...be VERY aware...thanx again ovid....