There actually are a lot of things you can do with this that are not obvious and are consistent with what seems to be impossible. You can actually get around almost all of the restrictions on <input type='file'> without breaking security. You just create GUI facades with span styles. This can allow you to actually make a person think they are uploading a file when in fact they are just sending the file name to the server, etc. This is also used to insert images in the place of file upload browser based buttons.
Jack On Wed, 22 Dec 2004 00:11:26 -0600, Eddie Bush <[EMAIL PROTECTED]> wrote: > Uma, > > When your user submits the form that they've used to select the file > they want to upload, you'll have to upload it - right then. AFAIK, > there's not a way to, at some later point in time, poke a value into a > html:file input field -- per the HTML spec, I believe. > > You have to upload the file when they choose it. > > I *could* be wrong, but I don't think I am. You could give the user > the ability to "finalize" their selection by showing a confirmation > page prior to actually committing the image (saving it to DB or > whatever you're doing iwth it). > > I could be wrong about this, but I'm fairly sure I'm not. If I am, > someone will no doubt let me know. > > If I recall correctly, this is a kind of security measure. Imagine > someone going to a site, and that site filling in an html:file with > some file that could expose their machine to a hacker attack. The > site grabs the file without the user choosing it because they clicked > a submission button. That's a definite bad thing to do IMHO, and is > likely why it is disallowed. > > On Tue, 21 Dec 2004 21:22:01 -0800, Dakota Jack <[EMAIL PROTECTED]> wrote: > > Hi, Uma, > > > > Let's start over. Forget about anything but telling me from a user's > > point of view what you want to do. You have a user using a browser > > and wanting to do something with files. If the file is on the server, > > then we are talking about a download. If the file is on the client > > (user machine), then we are talking about an upload. Tell me what the > > user wants to do with the files. From what you have said I might > > guess right, but I cannot know for sure. > > > > Jack > > > > -- > > "You can lead a horse to water but you cannot make it float on its back." > > > > ~Dakota Jack~ > > > > "You can't wake a person who is pretending to be asleep." > > > > ~Native Proverb~ > > > > "Each man is good in His sight. It is not necessary for eagles to be crows." > > > > ~Hunkesni (Sitting Bull), Hunkpapa Sioux~ > > > > ----------------------------------------------- > > > > "This message may contain confidential and/or privileged information. > > If you are not the addressee or authorized to receive this for the > > addressee, you must not use, copy, disclose, or take any action based > > on this message or any information herein. If you have received this > > message in error, please advise the sender immediately by reply e-mail > > and delete this message. Thank you for your cooperation." > > -- > Eddie Bush > -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~ "You can't wake a person who is pretending to be asleep." ~Native Proverb~ "Each man is good in His sight. It is not necessary for eagles to be crows." ~Hunkesni (Sitting Bull), Hunkpapa Sioux~ ----------------------------------------------- "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
