July 25th, 2003, 04:40 PM
PLEASE PLEASE PLEASE try looking through the forums. The reason you didn't get an answer is probably because we talk about this all the time.
You were already using CGI.pm. Why did you have to try and use your own broken form parsing code?
Read the CGI.pm docs (google for it). It's a very powerful, simple module that will save you oodles of time.
And by the way, it's an INCREDIBLY bad idea to let a user specify a file name unchecked, as you open your application to directory traversal attacks, and could allow a user to overwrite others' files. Bad idea.
Read the information about security and tainting at the tutorial below.
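use CGI;

$upload_dir = "/home/www/your.com/upload_test";
$query = new CGI;
# Hideous form parsing code BE GONE!
$bandopen = $query->param('sendday');
$filename = $bandopen;   # file name still comes straight from the form
$upload_filehandle = $query->upload("photo");

open UPLOADFILE, ">$upload_dir/$filename" or die "Cannot open upload file: $!";
binmode UPLOADFILE;
while ( <$upload_filehandle> )
{
    print UPLOADFILE;    # copy the uploaded data to disk
}
close UPLOADFILE;

print $query->header ();
# $email_address is not assigned anywhere in the code shown
print <<END_HTML;
<P>Thanks for uploading your photo!</P>
<P>Your email address: $email_address</P>
<img src="/upload_test/$bandopen" border="0">
END_HTML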
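
An added example, not part of the original post: one way to check the name taken from `sendday` before it reaches `open`, covering both the directory traversal and the overwrite problem the post warns about. The helper names `safe_filename` and `save_upload`, the allowlist pattern and the 64-character limit are assumptions; a temporary directory stands in for `$upload_dir` and the inputs are constructed.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Return the file name if $raw matches the allowlist, otherwise nothing.
# No "/" or "\" can pass and a leading "." is refused, so "..", "../x"
# and dotfiles such as ".htaccess" are all rejected. Under taint mode
# (perl -T) the regex capture is also what untaints the value.
sub safe_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/;
    return;
}

# Copy $in to $dir/$name. O_EXCL makes the create fail if the file
# already exists, so one upload cannot overwrite another.
sub save_upload {
    my ($in, $dir, $name) = @_;
    sysopen(my $out, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0644)
        or return 0;
    binmode $out;
    binmode $in;
    while (read($in, my $buf, 8192)) {
        print {$out} $buf;
    }
    return close($out) ? 1 : 0;
}

# Demo with constructed inputs (the second "band.jpg" tests the overwrite case).
my $dir = tempdir(CLEANUP => 1);
for my $raw ("band.jpg", "../../etc/passwd", "..", ".htaccess", "a\\b.png", "band.jpg") {
    my $name   = safe_filename($raw);
    my $result = "rejected name";
    if (defined $name) {
        # In-memory handle standing in for $query->upload("photo")
        open(my $in, '<', \"constructed photo bytes") or die $!;
        $result = save_upload($in, $dir, $name) ? "saved" : "refused (not created)";
    }
    printf "%-18s => %s\n", $raw, $result;
}
```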