1. Technology

Using CGI to Upload Files

Using HTML Forms You Can Transfer Files to Your Web Site


One of the more interesting form input tags is the <input type="file" />. This tag allows you to specify a file to upload to the Web server.

However, if you simply use this tag within a form, the file may not get uploaded and if it does, it may not end up where you expect it.

Note, the scripts included in this article are for examples only and are not meant to be used as real file uploading scripts.

How to Do Use the <input type="file" /> to Upload Files

There are several ways to set up a script to do file upload for you. The simplest is described on the cgi-lib home page. To do it you simply write an HTML form that includes:

  • enctype="multipart/form-data"
    An attribute of the <form> tag
    <form enctype="multipart/form-data" action="...">
  • input type="file"
    The tag that gets the file name and path
    <input type="file" name="uploadfile" />

And write a CGI that parses form data, and reads in the results of your upload. For example:

 require "cgi-lib.pl";
 $cgi_lib'maxdata = 50000;
 &ReadParse || &CgiDie("error parsing data");
 &CgiDie("Slashes not allowed in filenames") if $in{'file'} =~ /([^\/\\]+)$/);
 print &PrintHeader;
 print &HtmlTop("File Upload");
 print << EOT;
 <p>You've uploaded a file.</p>
 <p>The file's contents are:<br />
 print &HtmlBot;

However, this script places your uploaded file in a temporary directory on the Web server, and that isn't usually very useful. A more complicated Perl script, such as is found at the CGI-Resource Index will save the file to a directory of your choosing.

How to Upload Files Well

When setting out to write a script that will upload files to your Web server, you need to pre-determine two variables:

  • The maximum bytes to upload
    Many Web servers have size limitations, and you don't want your Web directory filled up with huge files.

  • The path to upload to
    This is the location where you want your uploaded files to end up. This location should be a directory without the trailing slash, it should already exist, and it should be writeable by all users (so that the Web server can write to it).

Maximum Bytes to Upload

The sample script listed above includes the line:

$cgi_lib'maxdata = 50000;

This is the line that determines how large a file you can upload. The cgi-lib defaults to 0, so in order for your file upload CGI to work, you must include this line in your script.

Path to Upload To

The sample script does not include a default file location. Therefore, you need to set one. At the top of the script, add a line that indicates the location to save your files:

 $upload_dir = "/www/docs/html/upload";
 require "cgi-lib.pl";

Do not include any trailing slashes.

Finally, to have the file saved to the directory of your choice, you need to create the file and write it to the directory, using file handles. This portion of the script reads the file into a buffer, and then prints it to the location you specified above:

&CgiDie("Slashes not allowed in filenames")
   if  $in{'file'} =~ /([^\/\\]+)$/);
 open (OUTPUT, ">$upload_dir\/$in{'file'}") ||
   &CgiDie("Could not open file for writing: $!");
 undef $Buffer;
 while (read($in{'file'},$Buffer,1024)) {
     print OUTPUT $Buffer;
 chmod (0666, "$upload_dir\/$in{'file'}"
 print &PrintHeader;

Previous Features

©2014 About.com. All rights reserved.