|On May 20, 2009, CGISRVPGM2 subprocedure zhbGetInput() has been added the ability to upload PC files.
The work was done by Ron Egyed, RJE Consulting Inc, New Port Richey (FL), U.S..
The way this feature works is very simple:
- If a <form ...> includes the parameter enctype="multipart/form-data", it can upload PC files.
- A nice way to let the user browse the PC an pick up the file to be uploaded is that of using
<input type="file" name="namexxx" size="..." device="files">
where namexxx is a name of your choice.
- When the form is submitted, a copy of the PC file is sent to the HTTP server
- As soon as the CGI program runs subprocedure zhbGetInput(), the file is uploaded to IFS directory /tmp
- Subprocedure zhbGetInput() provides two input variables that can be received by subprocedure zhbGetVar():
Please note that namexxx is the name you have assigned to the input variable in your form.
- the first, named namexxx, contains the name of the PC file (e.g. mytext.txt).
Note. Usually browsers, when uploading a file to a server, transfer just the PC file name, not its path.
This is done for security reasons. However, MS Internet Explorer may also transfer the file path (e.g. C:\mypath\mytext.txt).
This is a problem, therefore we recommend to set to disabled the following Internet Explore setting:
Tools-> Internet Options-> Security-> Customized level-> Include local directory path when uploading files to a server.
- the second, named namexxx_tempfile, contains the path and the name of the IFS file uploaded from the PC file.
Files are always uploaded to IFS directory /tmp and are assigned unique names
(e.g. /tmp/mytext_395935_20110128094216294000.txt ).
It is then up to the CGI program to rename the uploaded stream file and to move it to the appropriate IFS directory.
- The CGI program is of course able to receive via subprocedure zhbGetVar() any other input parameter sent from the form.
A sample program taking advantage of the file-upload feature is the ILE-RPG CGI program CGIDEV2/UPLOAD.
To run it click here
To display its source click here
To display its external HTML click here.
For more details on this technique, take a look at an Easy400 similar utility named FUPLOAD2,
Warning for MS Internet Explorer users
If you are using the MicroSoft Internet Explorer browser, it is mandatory that you disable the following default setting:
Validating a file upload request
Though the ability to upload files sounds great, there might be a need to restrict it to some users or to some file types (extensions).
There are two ways to perform such a validation:
In principles, this is the best approach, as the validation process takes place on the client and is immediate.
The only validation that makes sense on the client side is on the extension of the file to be uploaded.
named ValidateExtension(). This function works on three arguments:
Parameters b) and c) should be customized according to the installation needs.
However, as this may be an hazard, a special command - cgidev2/updalwext - has been developed to customize these parameters,
which are then set in the script from program UPLOAD as output variables.
- the name of the file to be uploaded
- a constant (possible values 'yes' or 'no') telling whether extension validation should take place
- an array of allowed extensions
A file upload goes through two stages:
What you could then do is to write such a Validation User Program and make it available for the appropriate Exit Point.
This is how you do it:
- The PC file(s) are trasmitted to the server along with any other input field. This is done by the HTTP server.
- The application program (the CGI program) takes care of receiving the input variables and the input file(s).
This occurs when CGIDEV2/CGISRVPGM2 subprocedure ZhbGetInput() is invoked.
Usually ZhbGetInput() would copy the input file(s) to IFS stream file(s) in directory /tmp.
However, before creating an IFS stream file, subprocedure ZhbGetInput() checks whether an Exit Point Validation User Program
is available and, if so, asks it to validate the file.
- If the validation is successful, the PC file is uploaded to an IFS stream file.
- If the validation fails, no IFS stream file is created, the name of the file is returned as
*** NOT VALIDATED ***
and an error message is written to the CGIDEBUG file.
- The validation program receives two parameters, the qualified name (path, file name and extension) of the IFS stream file to be created and a return code:
D UPLOADVAL pr
D filename 1024 varying
D retcode 10i 0
D UPLOADVAL pi
D filename 1024 varying
D retcode 10i 0
- A value 0 (zero) of the return code means that the PC file passed the validation,
a value -1 means that the validation was not passed (failed).
- Most sensitive items for validation are the file extension and the user name
(the user name, to be available, requires user validation through the appropriate HTTP directives).
- The validation program could as well return a different qualified name for the IFS stream file to be created.
- As an example, you could look at program CGIDEV2/UPLOADVAL,
press here to display its source.
Please note that this validation program accepts only files with extension csv.
- Run command cgidev2/updexitp. The following screen appears:
Update Exit Points
Type option, press Enter.
Exit point User program
- Type 2 in front of the FILE-UPLOAD-001 exit point name to receive the following screen:
Then type the name and the library name of your upload validation program.
Update Exit Points
Exit point . . . . . . . . FILE-UPLOAD-001
User program . . . . . . .
Library . . . . . . . .
Just as an example you could specify program CGIDEV2/UPLOADVAL.
We suggest to create your own file upload validation program in some library of yours.
Never change CGIDEV2 programs, nor develop objects in library CGIDEV2:
when installing the next CGIDEV2 release your changes would disappear.