Combining form FILE and TEXT input 1

lagerplease · Jan 2, 2003

I'm using a form to send data and files to a PERL script. In the FORM tag I've specified ENCTYPE=MULTIPART/FORM-DATA but it then doesn't seem to recognise any of the text input fields. I've added ACCEPT=TEXT/PLAIN, IMAGE/JPEG and it still doesn't work. When I get rid of all the above tags it recognises the text fields but the files are uploaded with a 0 file size.

Can you only submit text OR files using a single HTML form? Surely not!

Any help would be appreciated.

lagerplease · Jan 2, 2003

... let me elaborate. Specifically, it's ignoring the hidden input fields which force the script to perform different functions.

joezapp · Jan 3, 2003

I'm guessing you're trying to create an upload file form and perl script.

rather than trying to find where you're going wrong I'll post what works for me. I haven't tested what I've posted it but it should be pretty self explanatory.

any problems / further questions let me know

cheers and good luck

Joe

##### PERL SCRIPT ###################################
#
# requires a number of parameters set in the form:
#
# DIR: the directory on the webserver the files are to placed into
# REDIRECT: where to go to after the successful upload
# FILE($): the file(s) to be uploaded. Named FILE1, FILE2 etc
# NEW($): corresponding new file name if required. Named NEW1, NEW2 etc
#
#
#####################################################

use CGI;
$query = new CGI;
my $whatDir = $query->param('DIR');
$Data = "$whatDir";

# Set all the other environment variables
@good_extensions = ('gif','jpg','JPG','jpeg','mpeg','bmp','txt','rpt','doc','png','csv','xls','pdf','html','htm','css','zip','tar.gz','xml','zip','ZIP','srg','SRG');
@bad_extensions = ('exe');
my $redirect = $query->param('REDIRECT');
$max_size = 1000000;
$max_num_files = 10;

# Start the serious stuff from here
use CGI;
$max_num_files ||= 1;
$Data ||= $ENV{'DOCUMENT_ROOT'};
undef @bad_extensions if @good_extensions;
for(my $a = 1; $a <= $max_num_files; $a++) {
my $req = new CGI;
if($req->param("FILE$a&quot

) {

# pick up new file name if requested
my $new = $req->param("NEW$a&quot

;
$new =~ s/ +/\_/g;
my $newname = $new;
$newname =~ s/^.*(\\|\/)//;

# pick up the file for download
my $file = $req->param("FILE$a&quot

;
#$file =~ s/ +/\_/g;
my $filename = $file;
$filename =~ s/^.*(\\|\/)//;

# get the new file extension
my $extension = $filename;
$extension =~ s/([^*]|\n)*\b\.//g;

# join the new file name with the reuired extension
my $wholename = join ".",$newname,$extension;

# give the new string if new filename is defined
$filename = $wholename if $newname;
my $proceed_type = 0;

# validate the extension from the good extensions bit
if(@good_extensions) {
foreach(@good_extensions) {
my $ext = $_;
$ext =~ s/\.//g;
if($filename =~ /\.$ext$/) {
$proceed_type = 1;
last;
}
}
unless($proceed_type) {
push(@was_not_good_type, $filename);
}
}

# for bad extensions get names for later
elsif(@bad_extensions) {
$proceed_type = 1;
foreach(@bad_extensions) {
my $ext = $_;
$ext =~ s/\.//g;
if($filename =~ /\.$ext$/) {
$proceed_type = 0;
last;
}
}
unless($proceed_type) {
push(@was_a_bad_type, $filename);
}
} else {
$proceed_type = 1;
}

# either download or not and add names to arrays
if($proceed_type) {
if(open(OUTFILE, ">$Data/$filename&quot

) {
while (my $bytesread = read($file, my $buffer, 1024)) {
print OUTFILE $buffer;
}
close (OUTFILE);
push(@file_did_save, $filename);
} else {
push(@did_not_save, $filename);
}
}

# file too big error
if($max_size) {
if((-s "$Data/$filename&quot

> ($max_size * 1024)) {
push(@was_too_big, $filename);
unlink("$Data/$filename&quot

;
}
}
}
}

# the redirect bit
print "Pragma: no-cache\n";

print "Content-type: text/html\n\n";
print "<HEAD><TITLE>Upload Results</TITLE></HEAD><BODY>";
print "<TABLE>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:11pt;font-weight: bold;\">Upload Results</TD></TR>\n";
print "</TABLE>\n";
print "<hr>\n";
print "<TABLE>\n";

# if print saved then imform
if(@file_did_save) {
print "<TR><TD style=\"font-family:helvetica;font-size:10.5pt;font-weight: bold;\">You have uploaded file(s):</TD></TR>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">\n";
print join("<BR>", @file_did_save);
print "<BR><BR></TD></TR>\n";
}
# if non specified file type the show
if(@was_not_good_type) {
print "<TR><TD style=\"font-family:helvetica;font-size:10.5pt;font-weight: bold;\">The following file(s) were not stored as their file extensions have not been specified for download:</TD></TR>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">@was_not_good_type</TD></TR>\n";
}
# if defined illegal file type
if(@was_a_bad_type) {
print "<TR><TD style=\"font-family:helvetica;font-size:10.5pt;font-weight: bold;\">The following file(s) were not stored as their file extension are on the list of extensions not permitted for upload:</TD></TR>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">@was_a_bad_type</TD></TR>\n";
}
# if file too big
if(@was_too_big) {
print "<TR><TD style=\"font-family:helvetica;font-size:10.5pt;font-weight: bold;\">The following file(s) were not stored as their file size exceeded the maximum file size of $max_size Kb.:</TD></TR>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">@was_too_big</TD></TR>\n";
}
# if file wasn't saved
if(@did_not_save) {
print "<TR><TD style=\"font-family:helvetica;font-size:10.5pt;font-weight: bold;\">The following file(s) were not stored because the program could not open their destination file:</TD></TR>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">@did_not_save</TD></TR>\n";
# other errors
if(!@file_did_save) {
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">NOTE: Check to ensure that the \$Data variable reflects the correct<BR>absolute path to the directory these files should be stored in.</TD></TR>\n";
}
}
print "<TR><TD style=\"font-family:helvetica;font-size:10.5pt;font-weight: bold;\">Your destination directory was:</TD></TR>\n";
print "<TR><TD style=\"font-family:helvetica;font-size:8.5pt\">$whatDir</TD></TR>\n";
print "<TR><TD> </TD></TR>\n";

## redirect if specified
if($redirect) {
print "<script language='javascript'>\n";
print "setTimeout('document.location=\"$redirect\"',1500);\n";
print "</script>\n";
}

##### SAMPLE HTML FORM ###################################

<HTML>
<HEAD>

<SCRIPT language="javascript">
function CheckAndDo() {
// any confirmation / validation you need to do on the form here!
var v1=1;
}
</SCRIPT>

<TITLE>TRS Upload</TITLE>
</HEAD>

<FORM name="Post_form" METHOD="POST" ACTION="/cgi-bin/mako/upload.sh" ENCTYPE="multipart/form-data" onSubmit="return CheckAndDo()">

<INPUT TYPE="hidden" NAME="DIR" VALUE="/$full_data_directory_path">
<INPUT TYPE="hidden" NAME="REDIRECT" VALUE="/$full_redirection_html_page_path">

<TABLE class="pageheader" cellspacing="0">
<TR>
<TD ID="Phhead" class="PHh">Upload Files</TD>
</TR>
</TABLE>
<HR>

<TABLE class="pageheader" cellspacing="0">
<TR>
<TD ID="PHbody" class="PHb">File 1:</TD>
<TD><INPUT TYPE="FILE" NAME="FILE1" size=50 maxlength=80><INPUT TYPE="hidden" NAME="NEW1" VALUE="new_file1"></TD>
</TR>
<TR>
<TD ID="PHbody" class="PHb">File 2:</TD>
<TD><INPUT TYPE="FILE" NAME="FILE2" size=50 maxlength=80><INPUT TYPE="hidden" NAME="NEW2" VALUE="new_file2"></TD>
</TR>

<TABLE class="pageheader" cellspacing="0">
<TR>
<TD><INPUT TYPE="submit" VALUE="Upload"></INPUT></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>

lagerplease · Jan 3, 2003

Thanks for the details Joe. It looks very similar to what I'm already using. I'm starting to think I've got something wrong within my HTML as the script I'm using is completely ignoring the hidden input fields when I use the ENCTYPE parameter.

Have you got this working in a live situation where I could have a quick peek?

Thanks again.

Phil Wills

joezapp · Jan 3, 2003

unfortunately I'm working on an intranet so no public access available I'm afraid. It is used on a daily basis though.

Checklist/ thoughts. (sorry if these are obvious)

1. ENCTYPE set correctly.
2. The params are named correctly consistently between form and script.
3. The inputs are not disabled and are all on the same form and they are of the correct type (ie type file for files, text /hidden etc)
4. you're posting or getting correctly (the above example POSTs)

Check that the form inputs are being submitted - try a javascript alert using the onsubmit - '<FORM... onsubmit="alert(form.inputname.value)" >'. If these are being submitted then its a perl issue.

Can you not pick up any query params at all ? You could try looping through in the script to collect all sent params

If you post your html / perl I can have a look though I'm no expert...

Joe.

lagerplease · Jan 4, 2003

I've tried one of your ideas above and come to the conclusion that this is absolutely crazy and unexplainable. I've attached the original script below and I've amended it to execute a new script called test.cgi once the form has been submitted (ignore all the commenting out in the 'adddetails' subroutine - this bit is still in the testing stage). I've also attached the test.cgi script.

If you run the original script as it is you will notice that it passes all the parameters. If you run it with the ENCTYPE parameter included you will notice that it doesn't pass anything.

I'm bloody flummoxed!!!

### Original script ###

#!/usr/bin/perl

########################################################################
# #
# ADMIN_ADD.CGI (developed for

http://www.mncarsales.co.uk)

#
# Copyright 2003 Dotquake Web Services, all rights reserved #
# Web:

http://www.dotquake.com,

Email: info@dotquake.com #
# #
# This program is provided for sole use on the web site for which it #
# was developed and must not be used elsewhere or redistributed in any #
# form without the express permission of the copyright holder #
# #
# Version history: #
# 1.0 - 02/01/03: Conception #
# #
########################################################################

$stockfile = "../htdocs/vstock.dat";
$vmakesfile = "../htdocs/vmakes.dat";
$reffile = "../htdocs/reference.dat";

print "Content-type: text/html\n\n";

if ($ENV{'REQUEST_METHOD'} eq "GET&quot

{
@argpairs = split(/&/, $ENV{'QUERY_STRING'});
}
else
{
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@argpairs = split(/&/, $buffer);
}

foreach $dataline (@argpairs)
{
($argname, $argvalue) = split(/=/, $dataline);
$argvalue =~ tr/+/ /;
$argvalue =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$argvalue =~ s///g;
$argvalue =~ s/<([^>]|\n)*>//g;
$form{$argname} = $argvalue;
}

if ($form{scriptaction} eq "adddetails&quot

{
&adddetails;
}

open (REFFILE, "$reffile&quot

;
@reffile = <REFFILE>;
close (REFFILE);

foreach $dataline (@reffile)
{
chomp $dataline;
($reference) = split(/\|/, $dataline);
}

$reference = sprintf("%04d", $reference);

print "<html>\n";
print "<head>\n";
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
print "<meta name=\"Author\" content=\"Dotquake Web Services - info\@dotquake.com\">\n";
print "<meta name=\"Description\" content=\"MN Car Sales - Pre-owned cars from £300 upwards\">\n";
print "<meta name=\"Keywords\" content=\"car, sales, warranty, part exchange, bodywork repair, valet\">\n";
print "<link rel=\"stylesheet\" href=\"../style.css\" type=\"text/css\">\n";
print "<script language=\"Javascript\" src=\"../admin_add.js\" type=\"text/javascript\"></script>\n";
print "<title>MN Car Sales</title>\n";
print "</head>\n";
print "<body bgcolor=\"#F0F8FF\" onLoad=\"document.forms.add.make.focus()\">\n";
print "<table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" background=\"../background.jpg\">\n";
print "<tr>\n";
print "<td width=\"1%\" valign=\"top\" nowrap><img border=\"0\" src=\"../spacer.gif\" width=\"8\" height=\"8\"><img border=\"0\" src=\"../spacer.gif\" width=\"8\" height=\"8\"><img border=\"0\" src=\"../mncslogo.gif\" alt=\"MN Car Sales\" width=\"148\" height=\"77\"></td>\n";
print "<td width=\"99%\" align=\"right\" valign=\"top\"><p><b><font face=\"Verdana, Arial\" size=\"3\">· Pre-owned cars from £300 upwards<br>· Finance & warranties available<br>· Part exchanges welcomed<br>· All types of vehicle purchased for cash</font></b></p></td>\n";
print "</tr>\n";
print "</table>\n";
print "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" width=\"100%\">\n";
print "<tr>\n";
print "<td colspan=\"4\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"center\" valign=\"top\" nowrap background=\"../menubarback.jpg\">\n";
print "<p><font face=\"Verdana, Arial\" size=\"1\"><b>SITE MENU</b><br><br></font>\n";
print "<font face=\"Verdana, Arial\" size=\"1\"><b>\n";
print "<a href=\"../home.html\" title=\"Return to MN Car Sales home page\">· HOME PAGE ·</a><br>\n";
print "<a href=\"vehicles.cgi\" title=\"View our range of pre-owned vehicles\">· OUR VEHICLES ·</a><br>\n";
print "<a href=\"../vsearch.shtml\" title=\"Search for a specific vehicle\">· VEHICLE SEARCH ·</a><br>\n";
print "<a href=\"../partexchange.html\" title=\"Details of our part exchange services\">· PART EXCHANGE ·</a><br>\n";
print "<a href=\"../warranties.html\" title=\"Details of our comprehensive warranties\">· WARRANTIES ·</a><br>\n";
print "<a href=\"../finance.html\" title=\"Details of our financing services\">· FINANCE ·</a><br>\n";
print "<a href=\"../contact.html\" title=\"Contact or locate MN Car Sales\">· CONTACT US ·</a></b></font></p>\n";
print "</td>\n";
print "<td width=\"1%\" style=\"border-right: 3px double #000000\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "<td width=\"1%\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "<td width=\"97%\" valign=\"top\">\n";
print "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" width=\"100%\">\n";
print "<tr>\n";
print "<td background=\"../menubarback.jpg\"><b><i><font face=\"Verdana, Arial\" size=\"4\">Add New Vehicle</font></i></b></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td valign=\"top\">\n";
print "<p><font face=\"Verdana, Arial\" size=\"2\">Please use the form below to enter the details for the new vehicle which you wish to add to stock.</font></p>\n";
#print "<form method=\"POST\" name=\"add\" action=\"test.cgi\" enctype=\"multipart/form-data\" onSubmit=\"return checkForm()\">\n";
print "<form method=\"POST\" name=\"add\" action=\"test.cgi\" onSubmit=\"return checkForm()\">\n";
print "<input type=\"hidden\" name=\"scriptaction\" value=\"adddetails\"><input type=\"hidden\" name=\"reference\" value=\"$reference\">\n";
print "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" width=\"100%\">\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Vehicle reference:</font></td>\n";
print "<td width=\"99%\"><font face=\"Verdana, Arial\" size=\"2\"><b>$reference</b></font></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Make of vehicle:</font></td>\n";
print "<td width=\"99%\"><select size=\"1\" name=\"make\"><option selected>Please select from list</option>";

open (VMAKESFILE, "$vmakesfile&quot

;
@vmakesfile = <VMAKESFILE>;
close (VMAKESFILE);

foreach $dataline (@vmakesfile)
{
chomp $dataline;
($vmake) = split(/\|/, $dataline);

print "<option>$vmake</option>";
}

print "</select></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Model:</font></td>\n";
print "<td width=\"99%\"><input type=\"text\" name=\"model\" size=\"20\"></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Other:</font></td>\n";
print "<td width=\"99%\"><input type=\"text\" name=\"other\" size=\"20\"><font face=\"Verdana, Arial\" size=\"1\"><i> i.e., 2.0 DL, GTi, etc.</i></font></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Year of manufacture:</font></td>\n";
print "<td width=\"99%\"><input type=\"text\" name=\"year\" size=\"5\" maxlength=\"4\"><font face=\"Verdana, Arial\" size=\"1\"><i> Please use four figure years</i></font></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Engine size:</font></td>\n";
print "<td width=\"99%\"><input type=\"text\" name=\"engine\" size=\"5\"><font face=\"Verdana, Arial\" size=\"1\"><i> Enter numeric values only</i></font></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Colour:</font></td>\n";
print "<td width=\"99%\"><input type=\"text\" name=\"colour\" size=\"20\"></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" valign=\"top\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Description:</font></td>\n";
print "<td width=\"99%\"><textarea name=\"details\" rows=\"8\" cols=\"50\"></textarea></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Price:</font></td>\n";
print "<td width=\"99%\"><input type=\"text\" name=\"price\" size=\"8\"><font face=\"Verdana, Arial\" size=\"1\"><i> Enter numeric values only with no pound sign</i></font></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Ownership:</font></td>\n";
print "<td width=\"99%\"><select size=\"1\" name=\"prefix\"><option>MNAA</option><option selected>MNCS</option></select><font face=\"Verdana, Arial\" size=\"1\"><i> Select 'MNCS' for MN Car Sales vehicles, 'MNAA' for all others</i></font></td>\n";
print "</tr>\n";
#print "<tr>\n";
#print "<td colspan=\"2\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
#print "</tr>\n";
#print "<tr>\n";
#print "<td colspan=\"2\"><font face=\"Verdana, Arial\" size=\"1\"><b>IMPORTANT:</b> Before you can add this new vehicle to stock you will need to have created the required images for displaying on the site.<br><br>File <b>mncs$reference.jpg</b> (main image) should be <b>300 x 240</b> pixels in size.<br>File <b>mnct$reference.jpg</b> (thumbnail) should be <b>100 x 80</b> pixels in size.<br><br>These images should be named <b>exactly</b> as specified here (i.e. all in lower case) and the file locations on your computer where they have been saved should be specified in the boxes below.</font></td>\n";
#print "</tr>\n";
#print "<tr>\n";
#print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Main image file location:</font></td>\n";
#print "<td width=\"99%\"><input type=\"file\" name=\"mainimage\" size=\"40\"></td>\n";
#print "</tr>\n";
#print "<tr>\n";
#print "<td width=\"1%\" align=\"right\" nowrap><font face=\"Verdana, Arial\" size=\"1\">Thumbnail image file location:</font></td>\n";
#print "<td width=\"99%\"><input type=\"file\" name=\"thumbimage\" size=\"40\"></td>\n";
#print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "<td width=\"99%\"><input type=\"submit\" value=\"Add details\" name=\"submit\" ID=\"submit\"></td>\n";
print "</tr>\n";
print "</table>\n";
print "</form>\n";
print "</td>\n";
print "</tr>\n";
print "</table>\n";
print "</td>\n";
print "</tr>\n";
print "<tr><td colspan=\"4\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "</tr>\n";
print "</table>\n";
print "<table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" background=\"../background.jpg\">\n";
print "<tr>\n";
print "<td align=\"right\" nowrap><p><font face=\"Verdana, Arial\" size=\"1\"><b>MN Car Sales, Proprietor: Mark Norton<br>St Andrews Yard, Willeys Avenue, Exeter, EX2 8EP<br>Enquiries: <a href=\"mailto:enquiries\@mncarsales.co.uk\" title=\"Send email to MN Car Sales\">enquiries\@mncarsales.co.uk</a><br>Tel: 01392 276728, mobile: 07974 382416 (24 hr)</b></font></p></td>\n";
print "</tr>\n";
print "</table>\n";
print "<p align=\"right\"><font face=\"Verdana, Arial\" size=\"1\" color=\"#808080\"><i>\n";
print "<script language=\"Javascript\" type=\"text/javascript\"></script>\n";
print "<br>Best viewed at 800 x 600 pixels with browser version 4.0 or later<br>Design, programming & maintenance by <a href=\"

http://www.dotquake.com/\"

title=\"Dotquake Web Services\" target=\"_blank\"><img src=\"../dwslogo.gif\" border=\"0\" align=\"absmiddle\" width=\"24\" height=\"14\"></a> <a href=\"

http://www.dotquake.com/\"

title=\"Dotquake Web Services\" target=\"_blank\">Dotquake Web Services</a></i></font></p>\n";
print "</body>\n";
print "</html>";

sub adddetails
{
# $form{details} =~ tr/\n/ /;
#
# open (STOCKFILE, ">$stockfile&quot

;
# flock (STOCKFILE, 2);
# seek (STOCKFILE, 0, 0);
#
# foreach $dataline (@stockfile)
# {
# chomp $dataline;
# ($reference, $make, $model, $other, $year, $engine, $colour, $details, $price, $prefix) = split(/\|/, $dataline);
#
# if ($reference eq $form{reference})
# {
# print STOCKFILE "$reference\|$form{make}\|$form{model}\|$form{other}\|$form{year}\|$form{engine}\|$form{colour}\|$form{details}\|$form{price}\|$form{prefix}\|\n";
# }
# else
# {
# print STOCKFILE "$dataline\n";
# }
# }
#
# flock (STOCKFILE, 8);
# close (STOCKFILE);

# open (THUMBIMAGE, ">../htdocs/images/mnct$form{reference}.jpg&quot

;
# binmode THUMBIMAGE;
#
# while (read("$form{thumbimage}", $buffer, 1024))
# {
# print THUMBIMAGE $buffer;
# }
#
# close THUMBIMAGE;

print "<html>\n";
print "<head>\n";
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
print "<meta name=\"Author\" content=\"Dotquake Web Services - info\@dotquake.com\">\n";
print "<meta name=\"Description\" content=\"MN Car Sales - Pre-owned cars from £300 upwards\">\n";
print "<meta name=\"Keywords\" content=\"car, sales, warranty, part exchange, bodywork repair, valet\">\n";
print "<link rel=\"stylesheet\" href=\"../style.css\" type=\"text/css\">\n";
print "<script language=\"Javascript\" src=\"../admin_add.js\" type=\"text/javascript\"></script>\n";
print "<title>MN Car Sales</title>\n";
print "</head>\n";
print "<body bgcolor=\"#F0F8FF\">\n";
print "<table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" background=\"../background.jpg\">\n";
print "<tr>\n";
print "<td width=\"1%\" valign=\"top\" nowrap><img border=\"0\" src=\"../spacer.gif\" width=\"8\" height=\"8\"><img border=\"0\" src=\"../spacer.gif\" width=\"8\" height=\"8\"><img border=\"0\" src=\"../mncslogo.gif\" alt=\"MN Car Sales\" width=\"148\" height=\"77\"></td>\n";
print "<td width=\"99%\" align=\"right\" valign=\"top\"><p><b><font face=\"Verdana, Arial\" size=\"3\">· Pre-owned cars from £300 upwards<br>· Finance & warranties available<br>· Part exchanges welcomed<br>· All types of vehicle purchased for cash</font></b></p></td>\n";
print "</tr>\n";
print "</table>\n";
print "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" width=\"100%\">\n";
print "<tr>\n";
print "<td colspan=\"4\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td width=\"1%\" align=\"center\" valign=\"top\" nowrap background=\"../menubarback.jpg\">\n";
print "<p><font face=\"Verdana, Arial\" size=\"1\"><b>SITE MENU</b><br><br></font>\n";
print "<font face=\"Verdana, Arial\" size=\"1\"><b>\n";
print "<a href=\"../home.html\" title=\"Return to MN Car Sales home page\">· HOME PAGE ·</a><br>\n";
print "<a href=\"vehicles.cgi\" title=\"View our range of pre-owned vehicles\">· OUR VEHICLES ·</a><br>\n";
print "<a href=\"../vsearch.shtml\" title=\"Search for a specific vehicle\">· VEHICLE SEARCH ·</a><br>\n";
print "<a href=\"../partexchange.html\" title=\"Details of our part exchange services\">· PART EXCHANGE ·</a><br>\n";
print "<a href=\"../warranties.html\" title=\"Details of our comprehensive warranties\">· WARRANTIES ·</a><br>\n";
print "<a href=\"../finance.html\" title=\"Details of our financing services\">· FINANCE ·</a><br>\n";
print "<a href=\"../contact.html\" title=\"Contact or locate MN Car Sales\">· CONTACT US ·</a></b></font></p>\n";
print "</td>\n";
print "<td width=\"1%\" style=\"border-right: 3px double #000000\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "<td width=\"1%\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "<td width=\"97%\" valign=\"top\">\n";
print "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" width=\"100%\">\n";
print "<tr>\n";
print "<td background=\"../menubarback.jpg\"><b><i><font face=\"Verdana, Arial\" size=\"4\">Add New Vehicle</font></i></b></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td valign=\"top\">\n";
print "<p><font face=\"Verdana, Arial\" size=\"2\">The details for the new vehicle with reference number <b>$form{reference} ($form{make} $form{model})</b>, detailed below, have been successfully added and all relevant files have been uploaded and updated.</font></p>\n";
print "<p><font face=\"Verdana, Arial\" size=\"2\">Please click <a href=\"admin_add.cgi\" title=\"Add another new vehicle\">here</a> to add another new vehicle, <a href=\"admin_amend.cgi?method=POST&reference=$form{reference}\" title=\"Amend details for this vehicle\">here</a> to amend the details for this vehicle, or continue to navigate the site using the contents menu on the left of the screen.</font></p>\n";
print "</td>\n";
print "</tr>\n";
print "</table>\n";
print "</td>\n";
print "</tr>\n";
print "<tr><td colspan=\"4\"><img src=\"../spacer.gif\" border=\"0\" width=\"8\" height=\"8\"></td>\n";
print "</tr>\n";
print "</table>\n";
print "<table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" background=\"../background.jpg\">\n";
print "<tr>\n";
print "<td align=\"right\" nowrap><p><font face=\"Verdana, Arial\" size=\"1\"><b>MN Car Sales, Proprietor: Mark Norton<br>St Andrews Yard, Willeys Avenue, Exeter, EX2 8EP<br>Enquiries: <a href=\"mailto:enquiries\@mncarsales.co.uk\" title=\"Send email to MN Car Sales\">enquiries\@mncarsales.co.uk</a><br>Tel: 01392 276728, mobile: 07974 382416 (24 hr)</b></font></p></td>\n";
print "</tr>\n";
print "</table>\n";
print "<p align=\"right\"><font face=\"Verdana, Arial\" size=\"1\" color=\"#808080\"><i>\n";
print "<script language=\"Javascript\" type=\"text/javascript\"></script>\n";
print "<br>Best viewed at 800 x 600 pixels with browser version 4.0 or later<br>Design, programming & maintenance by <a href=\"

http://www.dotquake.com/\"

title=\"Dotquake Web Services\" target=\"_blank\"><img src=\"../dwslogo.gif\" border=\"0\" align=\"absmiddle\" width=\"24\" height=\"14\"></a> <a href=\"

http://www.dotquake.com/\"

title=\"Dotquake Web Services\" target=\"_blank\">Dotquake Web Services</a></i></font></p>\n";
print "</body>\n";
print "</html>";

exit;
}

### New test.cgi script ###

#!/usr/bin/perl

print "Content-type: text/html\n\n";

if ($ENV{'REQUEST_METHOD'} eq "GET&quot

{
@argpairs = split(/&/, $ENV{'QUERY_STRING'});
}
else
{
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@argpairs = split(/&/, $buffer);
}

foreach $dataline (@argpairs)
{
($argname, $argvalue) = split(/=/, $dataline);
$argvalue =~ tr/+/ /;
$argvalue =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$argvalue =~ s///g;
$argvalue =~ s/<([^>]|\n)*>//g;
$form{$argname} = $argvalue;
}

print "<html>\n";
print "<head>\n";
print "<title>Upload Test</title>\n";
print "</head>\n";
print "<body>\n";
print "reference = <b>$form{reference}</b><br>\n";
print "make = <b>$form{make}</b><br>\n";
print "model = <b>$form{model}</b><br>\n";
print "other = <b>$form{other}</b><br>\n";
print "year = <b>$form{year}</b><br>\n";
print "engine = <b>$form{engine}</b><br>\n";
print "colour = <b>$form{colour}</b><br>\n";
print "details = <b>$form{details}</b><br>\n";
print "price = <b>$form{price}</b><br>\n";
print "prefix = <b>$form{prefix}</b><br><br>\n";
print "scriptaction = <b>$form{scriptaction}</b><br>\n";
print "mainimage = <b>$form{mainimage}</b><br>\n";
print "thumbimage = <b>$form{thumbimage}</b><br>\n";
print "</body>\n";
print "</html>";

Thanks for all your help with this. I'm in your debt.

Phil.

joezapp · Jan 5, 2003

Right.

Have got the following to work (apologies for the huge post again). Its a cut down version of what you gave me mashed into the script I posted above.

Shouldn't be too much work to get it looking as it should.

hope it makes sense

Joe.

here we go

:

#!/usr/bin/perl
use CGI;
$query = new CGI;

sub setFile {

print "Content-type: text/html\n\n";
print "<HTML>\n";
print "<HEAD>\n";
print "<SCRIPT language=\"javascript\">\n";
print " function CheckAndDo() {\n";
print " // any confirmation / validation you need to do on the form here!\n";
print " var v1=1;\n";
print " }\n";
print "</SCRIPT>\n";
print "<TITLE>TRS Upload</TITLE>\n";
print "</HEAD>\n";

print "<FORM name=\"Post_form\" METHOD=\"POST\" ACTION=\"####your var here####/upload_test.sh\" ENCTYPE=\"multipart/form-data\" onSubmit=\"return CheckAndDo()\">\n";
print "<INPUT TYPE=\"hidden\" NAME=\"DIR\" VALUE=\"/####your destination data directory here####\">\n";

print "<TABLE cellspacing=\"0\">\n";
print "<TR>\n";
print "<TD>Upload Files/TD>\n";
print "</TR>\n";
print "</TABLE>\n";
print "<HR>\n";

print "<TABLE cellspacing=\"0\">\n";
print "<TR>\n";
print " <TD>File 1:</TD>\n";
print " <TD><INPUT TYPE=\"FILE\" NAME=\"FILE1\" size=50 maxlength=80><INPUT TYPE=\"hidden\" NAME=\"NEW1\" VALUE=\"new_file1\"></TD>\n";
print "</TR>\n";
print "<TR>\n";
print " <TD ID=\"PHbody\" class=\"PHb\">File 2:</TD>\n";
print " <TD><INPUT TYPE=\"FILE\" NAME=\"FILE2\" size=50 maxlength=80><INPUT TYPE=\"hidden\" NAME=\"NEW2\" VALUE=\"new_file2\"></TD>\n";
print "</TR>\n";

print "<TABLE cellspacing=\"0\">\n";
print "<TR>\n";
print " <TD>HOLDING VARIABLES</TD>\n";
print "</TR>\n";
print "<TR>\n";
print " <TD><INPUT TYPE=\"text\" NAME=\"REFERENCE\"></INPUT></TD>\n";
print "</TR>\n";
print "<TR>\n";
print " <TD><INPUT TYPE=\"text\" NAME=\"MAKE\"></INPUT></TD>\n";
print "</TR>\n";
print "<TR>\n";
print " <TD><INPUT TYPE=\"text\" NAME=\"MODEL\"></INPUT></TD>\n";
print "</TR>\n";
print "<TR>\n";
print " <TD><INPUT TYPE=\"text\" NAME=\"COLOUR\"></INPUT></TD>\n";
print "</TR>\n";
print "<TR>\n";
print " <TD><INPUT TYPE=\"text\" NAME=\"PRICE\"></INPUT></TD>\n";
print "</TR>\n";
print "</TABLE>\n";

print "<TABLE cellspacing=\"0\">\n";
print "<TR>\n";
print " <TD><INPUT TYPE=\"submit\" VALUE=\"Upload\"></INPUT></TD>\n";
print "</TR>\n";
print "</TABLE>\n";
print "</FORM>\n";
print "</BODY>\n";
print "</HTML>\n";

}

sub addFile
{

## set the destination directory name
my $whatDir = $query->param('DIR');
$Data = "$ENV{'DEVELOP'}/####your destination data directory path here####/$whatDir/";

## collect variables here, hardcoded for ease of reference
my $reference = $query->param('REFERENCE');
my $carmaker = $query->param('MAKE');
my $carmodel = $query->param('MODEL');
my $carcolor = $query->param('COLOUR');
my $carprice = $query->param('PRICE');

##### file upload scripting - do not alter as it should work #######

# Set all the other environment variables
@good_extensions = ('gif','jpg','JPG','jpeg','mpeg','bmp','txt','rpt','doc','png','csv','xls','pdf','html','htm','css','zip','tar.gz','xml','zip','ZIP','srg','SRG');
@bad_extensions = ('exe');
$max_size = 1000000;
$max_num_files = 10;

# Start the serious stuff from here
use CGI;
$max_num_files ||= 1;
$Data ||= $ENV{'DOCUMENT_ROOT'};
undef @bad_extensions if @good_extensions;
for(my $a = 1; $a <= $max_num_files; $a++) {
my $req = new CGI;
if($req->param("FILE$a&quot

) {

# pick up new file name if requested
my $new = $req->param("NEW$a&quot

;
$new =~ s/ +/\_/g;
my $newname = $new;
$newname =~ s/^.*(\\|\/)//;

# pick up the file for download
my $file = $req->param("FILE$a&quot

;
#$file =~ s/ +/\_/g;
my $filename = $file;
$filename =~ s/^.*(\\|\/)//;

# get the new file extension
my $extension = $filename;
$extension =~ s/([^*]|\n)*\b\.//g;

# join the new file name with the reuired extension
my $wholename = join ".",$newname,$extension;

# give the new string if new filename is defined
$filename = $wholename if $newname;
my $proceed_type = 0;

# validate the extension from the good extensions bit
if(@good_extensions) {
foreach(@good_extensions) {
my $ext = $_;
$ext =~ s/\.//g;
if($filename =~ /\.$ext$/) {
$proceed_type = 1;
last;
}
}
unless($proceed_type) {
push(@was_not_good_type, $filename);
}
}

# for bad extensions get names for later
elsif(@bad_extensions) {
$proceed_type = 1;
foreach(@bad_extensions) {
my $ext = $_;
$ext =~ s/\.//g;
if($filename =~ /\.$ext$/) {
$proceed_type = 0;
last;
}
}
unless($proceed_type) {
push(@was_a_bad_type, $filename);
}
} else {
$proceed_type = 1;
}

# either download or not and add names to arrays
if($proceed_type) {
if(open(OUTFILE, ">$Data/$filename&quot

) {
while (my $bytesread = read($file, my $buffer, 1024)) {
print OUTFILE $buffer;
}
close (OUTFILE);
push(@file_did_save, $filename);
} else {
push(@did_not_save, $filename);
}
}

# file too big error
if($max_size) {
if((-s "$Data/$filename&quot

> ($max_size * 1024)) {
push(@was_too_big, $filename);
unlink("$Data/$filename&quot

;
}
}
}
}

# the redirect bit
print "Pragma: no-cache\n";
print "Content-type: text/html\n\n";
print "<html>\n";
print "<head>\n";
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
print "<meta name=\"Author\" content=\"Dotquake Web Services - info\@dotquake.com\">\n";
print "<meta name=\"Description\" content=\"MN Car Sales - Pre-owned cars from £300 upwards\">\n";
print "<meta name=\"Keywords\" content=\"car, sales, warranty, part exchange, bodywork repair, valet\">\n";
print "<title>MN Car Sales</title>\n";
print "</head>\n";

print "<body bgcolor=\"#F0F8FF\">\n";
print "<table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\">\n";
print "<tr>\n";
print "<td valign=\"top\">\n";
print "<p><font face=\"Verdana, Arial\" size=\"2\">The details for the new vehicle with reference number <b>$carreference ($carmaker $carmodel priced at $carprice)</b>, detailed below, have been successfully added and all relevant files have been uploaded and updated.</font></p>\n";
print "<p><font face=\"Verdana, Arial\" size=\"2\">Please click <a href=\"admin_add.cgi\" title=\"Add another new vehicle\">here</a> to add another new vehicle, <a href=\"admin_amend.cgi?method=POST&reference=$form{reference}\" title=\"Amend details for this vehicle\">here</a> to amend the details for this vehicle, or continue to navigate the site using the contents menu on the left of the screen.</font></p>\n";
print "</td>\n";
print "</tr>\n";
print "</table>\n";
print "<table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" >\n";
print "<tr>\n";
print "<td align=\"right\" nowrap><p><font face=\"Verdana, Arial\" size=\"1\"><b>MN Car Sales, Proprietor: Mark Norton<br>St Andrews Yard, Willeys Avenue, Exeter, EX2 8EP<br>Enquiries: <a href=\"mailto:enquiries\@mncarsales.co.uk\" title=\"Send email to MN Car Sales\">enquiries\@mncarsales.co.uk</a><br>Tel: 01392 276728, mobile: 07974 382416 (24 hr)</b></font></p></td>\n";
print "</tr>\n";
print "</table>\n";
print "<p align=\"right\"><font face=\"Verdana, Arial\" size=\"1\" color=\"#808080\"><i>\n";
print "<br>Best viewed at 800 x 600 pixels with browser version 4.0 or later<br>Design, programming & maintenance by <a href=\"

http://www.dotquake.com/\";

title=\"Dotquake Web Services\" target=\"_blank\"><img src=\"../dwslogo.gif\" border=\"0\" align=\"absmiddle\" width=\"24\" height=\"14\"></a> <a href=\"

http://www.dotquake.com/\";

title=\"Dotquake Web Services\" target=\"_blank\">Dotquake Web Services</a></i></font></p>\n";
print "</body>\n";
print "</html>";
}

### just picks up on one of the params from the form - you could use an 'action' hidden field which'd make more sense

my $whatDir = $query->param('DIR');

if($whatDir) {
addFile
} else {
setFile
}

lagerplease · Jan 6, 2003

Cracked it!

I've learnt a big lesson here. I decided straight out that I didn't like the look of the CGI module so I decided to ignore it and do things the only way I knew how (after all, I'm still a relative novice when it comes to PERL). Now that I've looked at what it does and how it does it I realise how naive I've been!

Sincere thanks for all your help on this. It's good to know that there are decent people like you around who are willing to help others out just for the hell of it. I hope I didn't put you to too much trouble.

Phil.

joezapp · Jan 6, 2003

glad to be of some help (its not often I can!) and ta for the star

I've been stuck in the past and this sites helped me no end so I'm just "passing it on", as it were...

Joe.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Combining form FILE and TEXT input 1

lagerplease

Technical User

lagerplease

Technical User

joezapp

Programmer

lagerplease

Technical User

joezapp

Programmer

lagerplease

Technical User

joezapp

Programmer

lagerplease

Technical User

joezapp

Programmer

Similar threads

Part and Inventory Search

Sponsor