The python scripts in this page and in the next one will try to save an uploaded file in a directory named files in the directory where it is running. If the directory where the script is running is /path/to/dir then the /path/to/dir/files directory must exist. If it does not it will fail.

To upload a file the HTML form must have the enctype attribute set to multipart/form-data. The input tag with the file type will create a “Browse” button.


  <html><body>
  <form enctype="multipart/form-data" action="save_file.py" method="post">
  <p>File: <input type="file" name="file"></p>
  <p><input type="submit" value="Upload"></p>
  </form>
  </body></html>
  
The cgi.FieldStorage.getfirst() and cgi.FieldStorage.getlist() methods will only return the file(s) content. To also get the filename it is necessary to access a nested cgi.FieldStorage instance by its index in the top cgi.FieldStorage instance:


  #!/usr/bin/env python
  import cgi, os
  import cgitb; cgitb.enable()
  
  try: # Windows needs stdio set for binary mode.
      import msvcrt
      msvcrt.setmode (0, os.O_BINARY) # stdin  = 0
      msvcrt.setmode (1, os.O_BINARY) # stdout = 1
  except ImportError:
      pass
  
  form = cgi.FieldStorage()
  
  # A nested FieldStorage instance holds the file
  fileitem = form['file']
  
  # Test if the file was uploaded
  if fileitem.filename:
  
      # strip leading path from file name
      # to avoid directory traversal attacks
      fn = os.path.basename(fileitem.filename)
      open('files/' + fn, 'wb').write(fileitem.file.read())
      message = 'The file "' + fn + '" was uploaded successfully'
  
  else:
      message = 'No file was uploaded'
  
  print """\
  Content-Type: text/html\n
  <html><body>
  <p>%s</p>
  </body></html>
  """ % (message,)
  

http://cgi.tutorial.codepoint.net/file-upload