PHP file upload 'basename'?
Posted: Fri Dec 17, 2004 1:38 am
Hi.
A question on file upload. The user signs in using his/her 'user_id'. He/She wants to upload a file. I want the file submitted by the user to be uploaded to a folder named after the user's id. By default, a folder named after the user's id is created once he/she signs up as a user. The php code which I wrote is shown below. My idea is to use the 'basename' function to copy the uploaded file to the file named $_SESSION('user_id').
Code:
<?php
$userid = $_SESSION["user_id"];
echo 'hello, $_SESSION["user_id"]';
$uploaddir = "/home/www/aaa/fyp/author/scripts/";
$foldername = $uploaddir . basename($userid);
echo $foldername;
$uploadfile = $foldername . basename($_FILES["userfile"]["name"]);
if (move_uploaded_file($_FILES["userfile"]["tmp_name"], "$uploadfile/$userid")) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
?>
Result:
hello, $_SESSION["user_id"]/home/www/aaa/fyp/author/scripts/File is valid, and was successfully uploaded.
The result is not what I want. Not only was the actual $_SESSION["user_id"] not being reflected, the destination of the file upload was also wrong. The desired destination is " /home/www/aaa/fyp/author/scripts/"user_id" ".
Can someone help me with this? Thank you very much!
Regards,
dbf
A question on file upload. The user signs in using his/her 'user_id'. He/She wants to upload a file. I want the file submitted by the user to be uploaded to a folder named after the user's id. By default, a folder named after the user's id is created once he/she signs up as a user. The php code which I wrote is shown below. My idea is to use the 'basename' function to copy the uploaded file to the file named $_SESSION('user_id').
Code:
<?php
$userid = $_SESSION["user_id"];
echo 'hello, $_SESSION["user_id"]';
$uploaddir = "/home/www/aaa/fyp/author/scripts/";
$foldername = $uploaddir . basename($userid);
echo $foldername;
$uploadfile = $foldername . basename($_FILES["userfile"]["name"]);
if (move_uploaded_file($_FILES["userfile"]["tmp_name"], "$uploadfile/$userid")) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
?>
Result:
hello, $_SESSION["user_id"]/home/www/aaa/fyp/author/scripts/File is valid, and was successfully uploaded.
The result is not what I want. Not only was the actual $_SESSION["user_id"] not being reflected, the destination of the file upload was also wrong. The desired destination is " /home/www/aaa/fyp/author/scripts/"user_id" ".
Can someone help me with this? Thank you very much!
Regards,
dbf