Welcome to WebmasterWorld Guest from 54.167.46.29

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

create folder using a form with a given name

create dir using php

     
5:38 pm on Jan 10, 2014 (gmt 0)

New User

joined:Nov 4, 2013
posts: 10
votes: 0


Im trying to make a html form that can create a folder on the server with a given name in the html form. So fare I have this code:

<?
if (isset($_POST['createDir'])) {
//get value of inputfield
$dir = $_POST['dirname'. var_dump($_POST)];
//set the target path ?
$targetfilename = PATH . '/' . $dir;
if (!file_exists($dir)) {
mkdir($dir, 0777, true); //create the directory
}
}

print_r($_POST); exit;
?>


<form method="POST" action="<?=$_SERVER["PHP_SELF"]?>" name="myform" id="myform">
<input name="dirname" id="dirname" >
<input type="submit" name="dirname" value="dirname" title="Continue to the next step">
</form>


The debug say: Array ( )

the script is nothing i have wrote but trying to put thing together to get it working but have not fix this for days now. Please advice.
7:14 pm on Jan 11, 2014 (gmt 0)

New User

5+ Year Member

joined:Apr 19, 2006
posts: 9
votes: 0


The problem is where you are setting the value of "$dir".

What you are actually doing is setting the value of "$dir" to be equal to the value of "$_POST"; that is why you are seeing a return value of "Array".

What you need to do is something like:
$dir = $_POST['myDirectoryName']
7:21 pm on Jan 11, 2014 (gmt 0)

New User

5+ Year Member

joined:Apr 19, 2006
posts: 9
votes: 0


Sorry, I should mention a couple of other things:

It is not good practice to use PHP reserved words as part of variable names or other identifiers. That is why I changed 'dirname' from your form to 'myDirectoryName' in my example.

Also, you should ALWAYS sanitize user input before using it; see [stackoverflow.com ]
8:13 pm on Jan 11, 2014 (gmt 0)

New User

joined:Nov 4, 2013
posts: 10
votes: 0


Thanks for the answer. I fixed my self. This is the codes I use now:

$foldername1 = $_POST['foldername1'];
$foldername2 = $_POST['foldername2'];
$path1 = '../folder1/' . $foldername1;
$path2 = '../folder2/' . $foldername2;
mkdir($path1);
mkdir($path2);

Now its creating 2 dir where i request it to do.

I to create the it i use the HTML:
<form action="<?=$_SERVER["PHP_SELF"]?>" method="POST">
folder1: <input type="textarea" size="40" name="foldername1" id="foldername1"><br><br>
folder2: <input type="textarea" size="40" name="foldername2" id="foldername2"><br><br>
<input type="submit" value="Create directory">
</form>

IS the above correct? IS it safe?
8:55 pm on Jan 11, 2014 (gmt 0)

New User

5+ Year Member

joined:Apr 19, 2006
posts: 9
votes: 0


It's "correct" if it gives you the results you want. :-)

Since it looks like you're not sanitizing the form input data, it's probably not safe at all. For instance, what happens if I enter a folder name of '../../../../../../bad_stuff'? Will there then be a root directory '/bad_stuff' with possibly permissions that will allow me to add my own files?

Sanitize ANY data that comes from the outside!
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members