Creating directories... : Newbie Question

Hey all I have this is a script:

<?php


$city = $_GET['city'];
$state = $_GET['state'];

if($file_name !="")
{
copy ("$file", "/home/guestdir/www/olcg/WPA/$state/$city/$file_name")
or die("Could not copy file");
}
else { die("No file specified"); }
?>

What I'd like to do:

1. I have the ability to upload graphics into a directory.
2. If directory isn't available create that directory and upload the
graphics to that directory.
2. the ability to save the file path to sql


Any direction would be greatly appreciated.

phatnugs420@comcast.net wrote:

> Hey all I have this is a script:
>
> <?php
>
>
>   $city = $_GET['city'];
>   $state = $_GET['state'];
>
> if($file_name !="")
> {
> copy ("$file", "/home/guestdir/www/olcg/WPA/$state/$city/$file_name")
>          or die("Could not copy file");
> }
> else { die("No file specified"); }
> ?>
>
> What I'd like to do:
>
> 1. I have the ability to upload graphics into a directory.
> 2. If directory isn't available create that directory and upload the
> graphics to that directory.
> 2. the ability to save the file path to sql
>
> Any direction would be greatly appreciated.

For a start, it's pretty dangerous to let a form input just create
directories willy-nilly, but the warning aside...

You would need to use is_dir() to check the state and city directories exist
and create them where appropriate.

The directories need to be world-writeable so the web server is able to
write to them (ie your /home/guestdir/www/olcg/WPA directory needs to be
world-writeable); this in itself is another security risk, as it means
anyone else on the server could potentially write to these directories as
well.

$root = "/home/guestdir/www/olcg/WPA";
if(!is_dir("$root/$state")) {
mkdir("$root/$state");
}
if(!is_dir("$root/$state/$city")) {
mkdir("$root/$state/$city");
}

Getting the file from the form is covered nicely in the PHP manual at
http://www.php.net/manual/en/features.file-upload.php

Just remember to put enctype="multipart/form-data" in your form tag (this is
probably one of the most common mistakes when it comes to file uploads).

Saving the data to the database is a simple SQL query, but the functions
used depend on the database server you are using, or whether you're using
something like the PEAR library or the ADODB one.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/

Not sure where you getting the files..

so write a file upload routine  php.net example here
http://us2.php.net/features.file-upload
then test to see if directory exist if not make directory and move file to
that directory.

might not be the best code but you can get the idea

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used
instead
// of $_FILES.

$city = $_REQUEST['city'];
$state = $_REQUEST['state'];

$base_dir = "/home/guestdir/www/olcg/WPA/";

// Test to see if directory exists or not
if(!is_dir("$base_dir/$state/$city"){
mkdir("$base_dir/$state/$city", 0700);
}

$uploaddir = "$base_dir/$state/$city";

$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

if  (move_uploaded_file($_FILES['userfile'][
'tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

?>


<phatnugs420@comcast.net> wrote in message
news:BD9097B9.948F%phatnugs420@comcast.net...
> Hey all I have this is a script:
>
> <?php
>
>
>  $city = $_GET['city'];
>  $state = $_GET['state'];
>
> if($file_name !="")
> {
> copy ("$file", "/home/guestdir/www/olcg/WPA/$state/$city/$file_name")
>         or die("Could not copy file");
> }
> else { die("No file specified"); }
> ?>
>
> What I'd like to do:
>
> 1. I have the ability to upload graphics into a directory.
> 2. If directory isn't available create that directory and upload the
> graphics to that directory.
> 2. the ability to save the file path to sql
>
>
> Any direction would be greatly appreciated.
>
>