-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------
Durga Panda wrote:
> -----------------------------
> Please read the FAQ!
> <http://java.apache.org/faq/>
> -----------------------------
>
> >our site uses html form to capture data which is send to the servlet
> >at the backend; our websrver is Apache and servlet support is through
> >Apache Jserv...
> >
> >My questions are:
> >when a visitior to our site uploads a file to our server through the HTML
> ><input name="myfile" type="file"> kind of tag;
> >1. In my servlet how I can pull the file and save in my server
Use one of the servlets that process "multipart/form-data" input, such as the
one in Jason Hunter's book. In fact, nothing will happen to the file data
unless your servlet does something with it.
To save it on your server, simply open a FileOutputStream (to whatever
filename you want) and copy all of the bytes of the input data.
>
> >2. How I can check it is a pure HTML (no malacious other type of programs)
> >or pure image files like .jpg, .gif etc;
Besides extension checking, you would need to know the details of the file
format you are checking for. For HTML, you could try to parse it with an HTML
parser, or scan for non-character data.
For an image file, one thing you might try is loading it with a graphics
library that supports that image format. If you can load successfully, then
the format is probably OK -- otherwise the library will choke and say
"incorrect format" or something like that.
>
> >I could check for the file extension but is there any better way to
> >makesure these are pure .html, .jpg, .gif files and are not any malacious
> >programs...
>
After have checked the file contents and saved it, you will want to save it
with the correct extensions -- even if the person uploading the file didn't.
The reason is that web servers are normally configured to look up the content
type on the files they serve based on filename extension (check yours to make
sure).
As an example, I also allow uploading of image files to my server, but Windows
users tended to be sloppy about lower case extensions -- they would upload
something like "IMAGE.GIF" instead of "image.gif". They wondered why they
couldn't see the image when they downloaded it again, until I modified my
Apache setup to recognize both ".gif" and ".GIF".
> >
> >I will highly apreciate your valuable suggestions...
> >
> >Many Thanks...
> >(Durga Panda)...
>
Craig McClanahan
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
