It's "correct" if it gives you the results you want. :-)
Since it looks like you're not sanitizing the form input data, it's probably not safe at all. For instance, what happens if I enter a folder name of '../../../../../../bad_stuff'? Will there then be a root directory '/bad_stuff' with possibly permissions that will allow me to add my own files?
Sanitize ANY data that comes from the outside!