CODEWITHSUNDEEP
phpfile-upload
Rsmithy
Rsmithy

Reputation: 312

PHP upload to specific folder

I am trying to do a php upload that will upload into a specific folder. One would choose the file they wish to upload next to a dropdown box which is a folder list. This is because it organises files. 

<?php 
session_start();
if(!isset($_SESSION["USER"]["Admin"])){
    header("Location: index.html?unath");
}

$folder = mysql_real_escape_string($_POST['loc']);

$target_path = "../../shared/docs/$folder";




$upload2 = $target_path  .  basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $upload2)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}

?>

Currently the code uploads the file into the "docs" folder and not docs/folder. Instead it puts the folder name in front of the file. For example- if the folder is called "abc" and my file is called robs.docx it will upload it to the main Docs folder and call it abcrobs.docx

Upvotes: 0

Views: 2631

Answers (5)

mewm
mewm

Reputation: 1277

You should properly escape your variables:

$target_path = "../../shared/docs/". $folder ."/";

Upvotes: 0

deceze
deceze

Reputation: 522567

  1. You do not need mysql_real_escape_string because there's no SQL involved here.
  2. If no database connection is established, mysql_real_escape_string returns null. So you're probably throwing away the $_POST['loc'] value.
  3. You should never ever use user supplied values for manipulating anything on the filesystem without really, really thorough inspection of what you're going to manipulate. See Security threats with uploads.
  4. Use var_dump liberally to see what your values look like at various stages and do some debugging.

Upvotes: 1

Josh
Josh

Reputation: 2895

Add a / on the end of your $target_path:

$target_path = "../../shared/docs/$folder/";

Upvotes: 0

tomsv
tomsv

Reputation: 7277

You are missing a slash after $target_path

Upvotes: 0

Ofir Baruch
Ofir Baruch

Reputation: 10346

You have a missing slash

Replace this line:

$upload2 = $target_path  .  basename( $_FILES['uploadedfile']['name']);

with:

$upload2 = $target_path  ."/".  basename( $_FILES['uploadedfile']['name']);

OR:

Replace this line:

$target_path = "../../shared/docs/$folder";

with:

$target_path = "../../shared/docs/".$folder."/";

Upvotes: 2

Related Questions