Teen Programmers Unite  


Return to forum top

Uploading a string...

Posted by D_Dave [send private reply] at January 20, 2003, 12:35:09 PM

I need to upload a string of data (lots of numbers) into .txt file on my website. I'm using VB6 and was going to FTP the text file, but this is unsecure seein as i only have 1 ftp, and password, which will be in my program, and a simple bit of packet sniffing will get the whole lot...

Another idea i was going to try was using php (or simillar) and use the webbrowser control: webbrowser1.navigate "http://mysite.com/blah/page.php?" & (string) get the idea? then the php will write the string to the text file.

1). would this be possible?
2). How?

Thanks for any info


Posted by taubz [send private reply] at January 20, 2003, 12:41:48 PM

How is that any more secure? I don't think you need to worry about packet sniffing. Passwords are sent in the clear all the time, e.g. logging in to TPU.

- taubz

Posted by Psion [send private reply] at January 20, 2003, 12:47:25 PM

This doesn't mean you have to stand for it. =)

Try using a secure file transfer protocol like SCP instead.

Posted by CViper [send private reply] at January 20, 2003, 12:54:02 PM

packetsniffing won't be the big problem with your application if you do the FTP thing; the password (if stored as a string) will be plaintext in the final .exe (or whatever your distributing).

The php thing would be more secure, as you can control what effectivly gets stored (by filtering out any invalid data). You wouldn't even need to send any passwords.

Posted by buzgub [send private reply] at January 21, 2003, 01:39:55 AM

It would be possible. The php page you'd need to write would be incredibly simple; I'd suggest that you go and read the PHP manual at http://www.php.net/

Posted by D_Dave [send private reply] at January 21, 2003, 12:09:55 PM

Thank you for your replies...i was going to have the password encrypted in the final exe, which was then decrypted at runtime (by the exe) but then i thought of the sniffing thing - It's not just people being able to get my password (well, it is..) but also if i change it...

The ftp/password thing wont be a probelm if a few people are using it...but imaging the problems if microsoft had their website passwords sent in plain text from MS/Word...hehe, major problems (i know i know, im not microsoft, but it's still similar!!!!---ish!)

Im using the following html/php to upload a file, which will be handled by upload.php

<form method="post" action="upload.php" enctype="multipart/form-data">
<input name="userfile[]" type="file">
<input type="submit" value="Upload" >

How could i get the file box to display a filename already when loaded? e.g. C:\textfile.txt and also, how how could i get the submit button hidden and automatically presses on startup? So effectively, page will upload a file whenever it is loaded... Any ideas?

Thanks for your time...


Posted by CViper [send private reply] at January 21, 2003, 12:49:36 PM

I don't think you can do that automatically; atleast JavaScript disables automatic submitting of forms containing files, and my guess is everything else will do aswell...
Would be a major security issue if people could upload any files from your HD "behind the scenes", ie. without asking the user.

Posted by taubz [send private reply] at January 21, 2003, 12:50:34 PM

Unless you're using HTTPS or another protocol, using forms or PHP or whatever is no more secure than plaintext.

You can probably use the VALUE attribute of INPUT to give a default upload file, and you can use JavaScript to press the submit button.

- taubz

Posted by buzgub [send private reply] at January 23, 2003, 04:27:16 AM

I would use GET rather than POST to send your data. This means that you would just send a http request for a url like http://yoursite.com/messageup.php?message=Some+text+goes+here.

For some reason, I think I've said that before.

Posted by DragonWolf [send private reply] at January 24, 2003, 08:34:47 AM

The input type "file" has value="C:\textfile.txt" that can be used to enter a default file.

If I remember correctly, IE and netscape will not send a default file (such as the value="blahblah.txt") OR a system file (anything in C:\windows\) without prompting the user first. If the user edits the field and it isn't a system file, then it doesn't bother prompting the user.

I don't know how the browsers deal with Javascript. I'd assume they don't let javascript edit inputs of type "file"

Posted by DragonWolf [send private reply] at January 24, 2003, 08:38:08 AM

As for an immediate submit, you can probably do that using submit.

Posted by D_Dave [send private reply] at January 25, 2003, 05:50:42 AM

In the end, i used PHP,

webbrowser1.navgate www.blah.com/file.php?variable="DATA"

That worked fine :-)

Thanks for the help


You must be logged in to post messages and see which you have already read.

Log on
Save for later automatic logon

Register as a new user
Copyright TPU 2002. See the Credits and About TPU for more information.