Robert C Niculita <rniculita@ameritech.net> wrote: >my first request >to you is about file upload feature. can someone help me understand how >to write a script that will upload an image ( JPEG or GIF ). Since you address this to the webcgi list, I assume you don't mean uploading via FTP. Let's say you mean uploading by a visitor to your Web site, using an HTML input form. I have several sites through which users may upload files, including images. It requires both the correct scripts on the server and certain features in your form, plus a little awareness of security issues: 1. Your script has to be capable of correctly processing "multi-part" form data. This takes some looping and tracking until the whole file all the way to EOF is collected by the script. 2. Your HTML form must have something along these lines: <form method='POST' enctype='multipart/form-data' action=[path/script.cgi]> <P>File to upload: <input type=file> ... </form> The relevant things here are the attribute enctype='multipart/form-data' in the opening <form> tag, and the input widget <input type=file> within the form. This was originally a Netscape 2.0 feature, so only the newer versions of Explorer (4.0+) allow it; thus, Web surfers in much of the world won't be able to do it. (I haven't tried it with iCAB yet.) 3. Because of security concerns, the file and its name have to be handled correctly. Generally, the file should be placed on the server as a temp file and then read and processed and/or copied to the directory in which you want it to live; the temp file is deleted as soon as the CGI exits. The name should be created by your script, not provided by the user (or their computer). If you really want to allow the user to provide the filename, then you should do some taint-check processing on the name. Another security precaution I take is to gate the Web site, so 'not just anybody' can upload. Seems to me I've heard that some server administrators disallow file uploads, but these are ones who probably also disallow custom CGIs in general. The best Perl approach is to use cgi-lib.pl by Steve Brenner or CGI.pm by Lincoln Stein. Books and web sites about both. Get recent versions; only the newer versions have been tweaked to work with both browsers consistently. Ain't simple, but can be very handy. Non-geek users love it when by two clicks they can see their dog's picture on the Web. You could upload the dog's bark, too. (I don't actually work with dog images online, but you you get the, er, picture...) CGI.pm can hide all of the gory details from you, if a bit paternalistically (but really, THANKS, Dr. Stein!). Good luck! - Bruce ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bruce Van Allen bva@cruzio.com 831/429-1688 P.O. Box 839 Santa Cruz, CA 95061 ==== Want to unsubscribe from this list? ==== Send mail with body "unsubscribe" to macperl-webcgi-request@macperl.org