++wog for getting you on the right track and ++tilly for explaining where and why the problem was arising.
I just thought that I would add this as an extra.
To help show what you can do with the "local" filename and why you might want it. Also, if you are using CGI.pm, you might aswell use it.
#!/usr/bin/perl
use CGI;
$co = new CGI;
if (!$co->param()) {
print $co->header,
$co->start_html('upload a file'),
"<table border=1><tr><td>",
$co->center('upload a file'),
$co->start_multipart_form,
$co->filefield(-name=>'file1', -size=>30),
$co->br,
$co->submit(-value=>'Upload'),
$co->end_form,
"</td></tr></table>";
} else {
$file = $co->param('file1');
print $co->header,
$co->start_html('file uploaded'),
"Uploading $file ...<br>";
@filename = split(/\\/, $file);
open (FILE, ">safe/$filename[$#filename]"),
print "... $filename[$#filename] uploaded.";
print FILE <$file>;
close FILE;
}
print $co->end_html;
This is working, but of course, this script is JUST AN EXAMPLE, and you should not trust input forms. Use -T and check the file path for bad chars. Basic error checking, referrer checking, etc.
"Better secure than sorry." -xtype | [reply]
[d/l] |
