Posted by Kimmo Laine on 07/27/06 06:37

"PTM" <p.milbanke@vodafone.net> wrote in message
news:bFSxg.27925$u%3.4203@newsfe1-gui.ntli.net...
> "walterbyrd" <walterbyrd@iname.com> wrote in message
> news:1153955176.597956.191740@75g2000cwc.googlegroups.com...
>>
>> PTM wrote:
>>
>>> php is server side. once your page is loaded it cant actually do
>>> anything
>>> with it unless a link or button requests another php function or script
>>>
>>
>> As mentioned in my original post: "I want the user to click on
>> a link, and the server side php app does the rest." Instead of the
>> user entering the path and file name, I want the path and file name as
>> part of the code.
>>
>>> you could always use a hidden field containing the information you would
>>> expect for the file to be submitted.
>>> then have a submit button that would process the form and do the upload.
>>> you would also need to verify that the file was actually located and
>>> called
>>> what you expected, users being what they are this might not always be
>>> the
>>> case
>>
>> Something like that might work. I wish I could have the default path
>> and file name in the box, like you can do when input="text" maybe I'll
>> just put the default path/file name above the box, where it can easily
>> cut and pasted.
>>
>
> if its always going to be the same and you don't need the user to browse
> to the file, then a standard input box might work ok.
> but if you do need the browse, you could try using a javascript to set the
> contents of the box when the page loads


Allthough the html 4.01 specification* suggests that a default filename
could be used in a file type input field, it's prevented in the most common
browsers simply because of user security. You just don't want a situation
where a malicious webpage has filefields pointing to your important files
and it's autosubmitted using javascript. To prevent malicious practise like
this, file fields may not have an initial value.

Of course "phishing" like this would require the malicious page to correctly
guess the locations of sensitive files, but I'm sure that if it was
possible, it wouldn't take long for someone to think of a way of exploiting
it. It's for your own safety that you cannot do this.

*) http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.4.1
FILE
Creates a file select control. User agents may use the value of the value
attribute as the initial file name.

--
"Ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" - lpk
http://outolempi.net/ahdistus/ - Satunnaisesti p�ivittyv� nettisarjis
spam@outolempi.net || Gedoon-S @ IRCnet || rot13(xvzzb@bhgbyrzcv.arg)

• Next in forum: Re: String parsing question...
• Prev in forum: Re: PHP and Javascript
• Thread view: Re: upload a file without user having to browse or enter file name

[Reply to this message]