create folder using a form with a given name

Forum Moderators: coopster

Message Too Old, No Replies

create folder using a form with a given name

create dir using php

GertK

5:38 pm on Jan 10, 2014 (gmt 0)

Im trying to make a html form that can create a folder on the server with a given name in the html form. So fare I have this code:

<?
if (isset($_POST['createDir'])) {
  //get value of inputfield
  $dir = $_POST['dirname'. var_dump($_POST)];
  //set the target path ?
  $targetfilename = PATH . '/' . $dir;
  if (!file_exists($dir)) {
    mkdir($dir, 0777, true); //create the directory
  }
}

print_r($_POST); exit;
?>


<form method="POST" action="<?=$_SERVER["PHP_SELF"]?>" name="myform" id="myform">
<input name="dirname" id="dirname" >  
<input type="submit" name="dirname" value="dirname" title="Continue to the next step">
</form>

The debug say: Array ( )

the script is nothing i have wrote but trying to put thing together to get it working but have not fix this for days now. Please advice.

laidbackwebsage

7:14 pm on Jan 11, 2014 (gmt 0)

The problem is where you are setting the value of "$dir".

What you are actually doing is setting the value of "$dir" to be equal to the value of "$_POST"; that is why you are seeing a return value of "Array".

What you need to do is something like:

$dir = $_POST['myDirectoryName']

laidbackwebsage

7:21 pm on Jan 11, 2014 (gmt 0)

Sorry, I should mention a couple of other things:

It is not good practice to use PHP reserved words as part of variable names or other identifiers. That is why I changed 'dirname' from your form to 'myDirectoryName' in my example.

Also, you should ALWAYS sanitize user input before using it; see [stackoverflow.com ]

GertK

8:13 pm on Jan 11, 2014 (gmt 0)

Thanks for the answer. I fixed my self. This is the codes I use now:

$foldername1 = $_POST['foldername1'];
$foldername2 = $_POST['foldername2'];
$path1 = '../folder1/' . $foldername1;
$path2 = '../folder2/' . $foldername2;
mkdir($path1);
mkdir($path2);

Now its creating 2 dir where i request it to do.

I to create the it i use the HTML:
<form action="<?=$_SERVER["PHP_SELF"]?>" method="POST">
folder1: <input type="textarea" size="40" name="foldername1" id="foldername1"><br><br>
folder2: <input type="textarea" size="40" name="foldername2" id="foldername2"><br><br>
<input type="submit" value="Create directory">
</form>

IS the above correct? IS it safe?

laidbackwebsage

8:55 pm on Jan 11, 2014 (gmt 0)

It's "correct" if it gives you the results you want. :-)

Since it looks like you're not sanitizing the form input data, it's probably not safe at all. For instance, what happens if I enter a folder name of '../../../../../../bad_stuff'? Will there then be a root directory '/bad_stuff' with possibly permissions that will allow me to add my own files?

Sanitize ANY data that comes from the outside!