Ok great this is smooth!!! thumbs up to python+web2py!!!
On Tue, Feb 25, 2014 at 8:00 AM, Massimo Di Pierro <
massimo.dipie...@gmail.com> wrote:
> $filename = $_FILES["file"]["name"];
> move_uploaded_file($_FILES["file"]["tmp_name"], "uploaded/".$filename);
>
> would be:
>
> import shutil, os
> filename = request.post_vars.file.filename
> shutil.copyfileobj(request.post_vars.file.file,
> open(os.path.join(uploaded,filename),'w'))
>
> This is very UNSAFE (both in python/web2py and in PHP). It can be used by
> the user to overwrite almost any file on the filesystem. The filename has
> to be sanitized.
>
> On Monday, 24 February 2014 01:35:02 UTC-6, software.ted wrote:
>>
>> I am extremely stuck on how to manage uploaded file, I have been working
>> with web2py now for over a year and I like its flexibility, I have been
>> working on an application that is ajax based using my own file. Now i have
>> the following scenario i need help with:
>>
>> DB
>> =======
>>
>> db.create_table("person", Field("first_name"), Field("photo", "upload"),
>> ...)
>>
>> Controller:
>>
>> def manage_person():
>> try:
>> value = db.person.update_or_insert(id == request.vars.id,
>> first_name=request.vars.first_name, photo=request.vars.photo, ...)
>> except ...:
>>
>> return value
>>
>> Now my question is how do i move the upaded image to say the upload
>> folder, i was thinking web2py will put the physical image in upload folder
>> according to documentation but unfortunately folder is empty. The DB hower
>> gets updated with a the following: C:\fakepath\xxxx.jpg.
>>
>> Any ideas?
>>
>> Kind regards,
>>
>>
>>
>> --
>> ............................................................
>> ...........................
>> Teddy Lubasi Nyambe
>> Opensource Zambia
>> Lusaka, ZAMBIA
>>
>> Cell: +260 97 7760473
>> website: http://www.opensource.org.zm
>>
>> ~/
>> Human Knowledge belongs to the world! - AntiTrust
>>
>> Man is a tool-using animal. Without tools he is nothing, with tools he is
>> all - Thomas Carlyle 1795-1881
>>
>> /~
>>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
.......................................................................................
Teddy Lubasi Nyambe
Opensource Zambia
Lusaka, ZAMBIA
Cell: +260 97 7760473
website: http://www.opensource.org.zm
~/
Human Knowledge belongs to the world! - AntiTrust
Man is a tool-using animal. Without tools he is nothing, with tools he is
all - Thomas Carlyle 1795-1881
/~
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
