/    Sign up×
Community /Pin to ProfileBookmark

Upload a file without an HTML form? Or…

Copy linkTweet thisAlerts:
Mar 15.2007

maybe hide the file input and write the value to it with js? Here’s what I want to do:

I have a MySQL database in which staff can compose a press release, then select press contacts from another table, and then send the press release via automated emails to all of the selected contacts.

I have a MS Access client for staff to work with the linked MySQL tables. But instead of using VBA to send the emails from the client machine, I’m using PHP to send the emails from the server, because it keeps MS Office from interfering. I have a button on my Access form that uses a hyperlink command to open a browser and send a GET string to a web page. All working great, but now I’m thinking I’d like to have the Access client create a file (maybe a PDF) from the Press Release data that gets pasted into the email body, and attach that file to the email also. I am onto PHPMailer for sending the email with the attachment.

But is there a way to send the file upload data along with the GET? I’m betting not. I can send the file path along in the GET string too, and I can use PHP to print its value into a form’s hidden file input. But then can I somehow redirect to the “ACTION” attribute of the form, without making the user click a button? Can I do it all behind the scenes, and take the user straight to a page that displays results of the script? I’m having trouble because the code I know for redirecting only works if there’s no output yet, and so the form input won’t have the value in it yet, or rather, the form won’t exist yet at the time of redirect…

Just tell me “Get over it. The user has to click a button on the web page after they click a button on your Access form…” Unless you know a secret.

thanks!

to post a comment
PHP

9 Comments(s)

Copy linkTweet thisAlerts:
@bokehMar 15.2007 — maybe hide the file input and write the value to it with js?[/QUOTE]The sandbox wouldn't allow that behaviour.is there a way to send the file upload data along with the GET?[/QUOTE]No!
Copy linkTweet thisAlerts:
@strBeanauthorMar 15.2007 — I'm over it.

I'll send the file path string along with the GET, and the user will confirm what they're sending and to whom they're sending it. I have people who don't like extra steps, but it's a good thing, making them double-check what they're doing.
Copy linkTweet thisAlerts:
@strBeanauthorMar 15.2007 — The HTML reference I am looking at isn't very specific.

Is the VALUE attribute valid with INPUT when TYPE is set to "file"? I'm asking because PHP doesn't seem to want to prefill the file input with the path I'm putting in the GET string. Maybe the HTML mavens have decided that would be malicious? If they have, I would disagree, since the user still has to click Submit.

Please tell me the attribute is valid for a file input and my problem must be hiding in my code!
Copy linkTweet thisAlerts:
@bokehMar 16.2007 — strBean, the [B]sandbox [/B] attempts to stop any behaviour where a file is to be submitted to a site and the user has not been directly involved in the selection of that file.
Copy linkTweet thisAlerts:
@strBeanauthorMar 16.2007 — Well, thanks I think, bokeh.

I asked a simple question, like your signature suggests. You obviously know a lot more about PHP and HTML than I do. I followed your link, and looked at that page for a minute, and I still don't know what a sandbox is or if I'm playing in one.

[b]I asked if the value attribute is valid for the input element, when the type attribute is set to "file". I [i]infer[/i] from your obscure answer that it isn't.[/b]

Apparently it's only other people who are stupid when they don't keep it simple. Or if you think you [i]are[/i] keeping it simple, you should have a heart for stupid people like me.
Copy linkTweet thisAlerts:
@bokehMar 16.2007 — Every decent webbrowser runs all external material in a sandbox. The sandbox isolates the untrustworth external source (your website) from accessing the host system, its input devices and any other external sources that are not on the same domain.

Allowing an untrustworth external source (your website) to pre-fill a file value attribute would give access to a client input device (your harddrive) hence it is a behaviour that should not be permitted.
Copy linkTweet thisAlerts:
@strBeanauthorMar 17.2007 — Thanks for that.

Dude, I have total respect for all of the work that's been done to make the internet both useful and safe. I regret the title of this thread, actually. I operate from a position of total trust (and ignorance) when I suggest that a file name could be sent to a website by the user via a desktop database that the user understands and controls (or at a minimum has decided to trust the developer of the application) instead of via the script that opens the common dialogue after the user has opened an HTML form. I really don't see the difference in user control here. Let's be clear that I'm not talking about giving a server script access to a client's file names before a request has been sent to the server. The user is sending the GET string because the user knows the file path (has used the common dialogue or whatever, already.) Also remember that after the user has sent the request (via Visual Basic, in my hypothetical case), I'm talking about the user reviewing what the browser has pasted into the file input before clicking Upload. My motives are good and when you sound scolding like that it's hard to listen to you.

So, back to the Keep It Simple dept:

Can I do this?

Is the value attribute valid for the file input or not?
Copy linkTweet thisAlerts:
@bokehMar 17.2007 — strBean security must be implimented with the lowest common denominator in mind, (just because you may be trustworth it shouldn't be assumed everyone else is).

The simple answeris it cant be done with either standard HTML or Javascript. The only way around this would be to write an applet and have your clients approve a relaxed level of security with regard to the applet.

A better option would be do the file selection and upload in one go.
Copy linkTweet thisAlerts:
@strBeanauthorMar 17.2007 — Thank you sir for the info. Very helpful.

This is a fun project, by the way. I agree that an applet would be overkill if all I'm after is convenience for staff users. Maybe I'll write "press Ctrl-V to paste in your file selection, review the list of recipients, and click Send" - on the web page to make it as easy as possible for staff.
×

Success!

Help @strBean spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.5,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...