Hi Jim,
At Wed, 7 Mar 2001 20:11:15 +0100, Gerald Richter <[EMAIL PROTECTED]> wrote:
>>
>> In the second pass, I display the data back to the user
>>
>> while (@buffer = <$UserFile>) {print "<P> $buffer";}
>>
>> and put up a button which will submit a hidden field to indicate the user
>> has accepted the data.
>>
>> print "<FORM METHOD=POST ACTION='myprogram.mpl'>";
>> print "<INPUT TYPE=HIDDEN NAME='UserFile' VALUE='$UserFile'>";
>
>You cannot pass a file within a hidden field, actualy here you pass only the
>filename not the content of the file. You have to safe the file to a unique
>name to the server and pass this name to the next request, but keep in mind
>that anybody can play around with this name and sends back a different one.
>You should make sure that, you don't create a security whole in this way. On
>the third request you can use this filename and open the file localy.
Alternatively, you could read in the whole file and store it in the hidden field. The
only disadvantages is with large files and/or binary data...
You could also look at using sessions, which are really easy to use with embperl...
Regards,
Wim Kerkhoff
