> -----Original Message----- > From: fliptop [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 27, 2001 2:51 PM > To: [EMAIL PROTECTED] > Subject: upload() returns unexpected results when param is not a file > > > hello list > > i want to return an error to a user if they try submitting text typed > into a file upload field (instead of clicking 'browse' and > pointing to a > file, the user types text into the box). > > from perldoc CGI, i read this: > > When called with the name of an upload field, > upload() returns a filehandle, or undef if the parameter > is not a valid filehandle. > > so i try this code: > > #!/usr/bin/perl -w > > use strict; > use CGI; > use Data::Dumper; > > my $cgi = new CGI; > my $file = $cgi->upload('file'); > print $cgi->header; > print "file: ", Dumper($file); > > exit(); > > the result always contains a ref to a filehandle, no matter what is > provided in the upload field (except if nothing is provided, in which > case it returns undef). am i wrong in assuming it should return undef > when the param is not a real file? > > as a workaround, i have written code to return an error if > uploadInfo() > does not have a 'Content-Type' value.
That's not a workaround; you have to do something like that, because if the user types a bogus file name in the upload field, you get a handle to an empty file. So you either need to check for the content type like you're doing or check that the file contents are what you expect, depending on the application. The handle you get is obviously not a descriptor to the actual client file; it's a handle to a temp file created from the HTTP request body. If they specify a filename that doesn't exist on their system, the browser "uploads" an empty file. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
