
Several later sections in this chapter illustrate how to incorporate web input into queries. Recipe 18.9 shows how to upload files and load them into MySQL. Recipe 18.10 demonstrates a simple search application using input as search keywords. Recipe 18.11 and Recipe 18.12 process parameters in URLs.

18.9 Processing File Uploads

18.9.1 Problem

You want to allow files to be uploaded to your web server and stored in your database.

18.9.2 Solution

Present the user with a web form that includes a file field. When the user submits the form, extract the file and store it in MySQL.

18.9.3 Discussion

One special kind of web input is an uploaded file. A file is sent as part of a POST request, but it's handled differently than other POST parameters, because a file is represented by several pieces of information such as its contents, its MIME type, its original filename on the client, and its name in temporary storage on the web server host.

To handle file uploads, you must send a special kind of form to the user; this is true no matter what API you use to create the form. However, when the user submits the form, the operations that check for and process an uploaded file are API-specific.

To create a form that allows files to be uploaded, the opening form tag should specify the POST method and must also include an enctype (encoding type) attribute with a value of multipart/form-data:

<form method="POST" enctype="multipart/form-data" action="script_name">

If you don't specify this kind of encoding, the form will be submitted using the default encoding type (application/x-www-form-urlencoded) and file uploads will not work properly.

To include a file upload field in the form, use an input element of type file. For example, to present a 60-character file field named upload_file, the element looks like this:

<input type="file" name="upload_file" size="60" />

The browser displays this field as a text input box into which the user can enter the name manually. It also presents a Browse button for selecting the file via the standard file-browsing system dialog. When the user chooses a file and submits the form, the browser encodes the file contents for inclusion into the resulting POST request. At that point, the web server receives the request and invokes your script to process it.
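
What the server-side API does with such a request before your script sees the file, sketched as an added example (not code from the original recipe): it separates the multipart body into the file's contents, declared MIME type and client filename. The function names, the 64 KB cap, the application/octet-stream fallback and the sample request are assumptions made for this illustration.

```python
import re
from email.parser import BytesParser
from email.policy import HTTP

MAX_BYTES = 64 * 1024  # assumed cap for this example

def safe_name(client_name):
    """Reduce the client-supplied filename to a harmless basename."""
    base = re.split(r"[\\/]", client_name)[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or "upload"

def extract_upload(content_type, body, field="upload_file", limit=MAX_BYTES):
    """Return the pieces of one uploaded file, or None if no file was sent."""
    if not content_type.lower().startswith("multipart/form-data"):
        return None  # default urlencoded form: file contents are never sent
    if len(body) > limit:
        raise ValueError("request body exceeds upload limit")
    # Prepend the request's Content-Type so the MIME parser finds the boundary.
    head = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n"
    msg = BytesParser(policy=HTTP).parsebytes(head + body)
    for part in msg.iter_parts():
        if part.get_param("name", header="content-disposition") != field:
            continue
        client_name = part.get_filename()
        if not client_name:
            return None  # file field left empty
        return {
            "client_filename": client_name,          # as sent; never a path to use
            "stored_name": safe_name(client_name),   # what the server may keep
            "mime_type": (part.get_content_type() if part["content-type"]
                          else "application/octet-stream"),  # may be absent
            "data": part.get_payload(decode=True),
        }
    return None

# Constructed sample request, as a browser would encode the form above.
SAMPLE_CT = "multipart/form-data; boundary=constructedBoundary123"
SAMPLE_BODY = (
    b"--constructedBoundary123\r\n"
    b'Content-Disposition: form-data; name="upload_file"; '
    b'filename="../../etc/cat photo.gif"\r\n'
    b"Content-Type: image/gif\r\n\r\n"
    b"GIF89a constructed sample bytes\r\n"
    b"--constructedBoundary123--\r\n"
)

if __name__ == "__main__":
    print(extract_upload(SAMPLE_CT, SAMPLE_BODY))
```

The MIME type and filename both come from the client, so the sketch records them as declared values and derives a separate name for storage.
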
The specifics vary for particular APIs, but file uploads generally work like this:

• The file will already have been uploaded and stored in a temporary directory by the time your upload-handling script begins executing. All your script has to do is read it. The temporary file will be available to your script either as an open file descriptor or the temporary filename, or perhaps both. The size of the file can be obtained through the file descriptor. The API may also make available other information about the file, such as its MIME type. But note that some browsers may not send a MIME value.
• Uploaded files are deleted automatically by the web server when your script terminates. If you want a file's contents to persist beyond the end of your script's execution, you'll have to save it to a more permanent location (for example, in a database or somewhere else in the filesystem). If you save it in the filesystem, the directory where you store it must be accessible to the web server.
• The API may allow you to control the location of the temporary file directory or the maximum size of uploaded files. Changing the directory to one that is accessible only to your web server may improve security a bit against local exploits by other users with login accounts on the server host.

This section discusses how to create forms that include a file upload field. It also demonstrates how to handle uploads using a Perl script, post_image.pl. The script is somewhat similar to the