homepage Welcome to WebmasterWorld Guest from 23.22.173.58
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
create folder using a form with a given name
create dir using php
GertK



 
Msg#: 4636521 posted 5:38 pm on Jan 10, 2014 (gmt 0)

Im trying to make a html form that can create a folder on the server with a given name in the html form. So fare I have this code:

<?
if (isset($_POST['createDir'])) {
//get value of inputfield
$dir = $_POST['dirname'. var_dump($_POST)];
//set the target path ?
$targetfilename = PATH . '/' . $dir;
if (!file_exists($dir)) {
mkdir($dir, 0777, true); //create the directory
}
}

print_r($_POST); exit;
?>


<form method="POST" action="<?=$_SERVER["PHP_SELF"]?>" name="myform" id="myform">
<input name="dirname" id="dirname" >
<input type="submit" name="dirname" value="dirname" title="Continue to the next step">
</form>


The debug say: Array ( )

the script is nothing i have wrote but trying to put thing together to get it working but have not fix this for days now. Please advice.

 

laidbackwebsage

5+ Year Member



 
Msg#: 4636521 posted 7:14 pm on Jan 11, 2014 (gmt 0)

The problem is where you are setting the value of "$dir".

What you are actually doing is setting the value of "$dir" to be equal to the value of "$_POST"; that is why you are seeing a return value of "Array".

What you need to do is something like:
$dir = $_POST['myDirectoryName']
laidbackwebsage

5+ Year Member



 
Msg#: 4636521 posted 7:21 pm on Jan 11, 2014 (gmt 0)

Sorry, I should mention a couple of other things:

It is not good practice to use PHP reserved words as part of variable names or other identifiers. That is why I changed 'dirname' from your form to 'myDirectoryName' in my example.

Also, you should ALWAYS sanitize user input before using it; see [stackoverflow.com ]

GertK



 
Msg#: 4636521 posted 8:13 pm on Jan 11, 2014 (gmt 0)

Thanks for the answer. I fixed my self. This is the codes I use now:

$foldername1 = $_POST['foldername1'];
$foldername2 = $_POST['foldername2'];
$path1 = '../folder1/' . $foldername1;
$path2 = '../folder2/' . $foldername2;
mkdir($path1);
mkdir($path2);

Now its creating 2 dir where i request it to do.

I to create the it i use the HTML:
<form action="<?=$_SERVER["PHP_SELF"]?>" method="POST">
folder1: <input type="textarea" size="40" name="foldername1" id="foldername1"><br><br>
folder2: <input type="textarea" size="40" name="foldername2" id="foldername2"><br><br>
<input type="submit" value="Create directory">
</form>

IS the above correct? IS it safe?

laidbackwebsage

5+ Year Member



 
Msg#: 4636521 posted 8:55 pm on Jan 11, 2014 (gmt 0)

It's "correct" if it gives you the results you want. :-)

Since it looks like you're not sanitizing the form input data, it's probably not safe at all. For instance, what happens if I enter a folder name of '../../../../../../bad_stuff'? Will there then be a root directory '/bad_stuff' with possibly permissions that will allow me to add my own files?

Sanitize ANY data that comes from the outside!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved