file upload question - whats the best way

[pouncer]

[code=php:0]
<?php
$file_dir = "c:/domains/site.com/wwwroot/myftpname";

foreach($_FILES as $file_name => $file_array) {
echo "path: " . $file_array['tmp_name'] . "<br>\n";
echo "name: " . $file_array['name'] . "<br>\n";
echo "size: " . $file_array['type'] . "<br>\n";
echo "type: " . $file_array['size'] . "<br>\n";

if (is_uploaded_file($file_array['tmp_name'])) {
move_uploaded_file($file_array['tmp_name'], "$file_dir/$file_array[name]") or die("Couldnt copy");

echo "file was moved<br><br>";
}
}
?>
[/code]

It works ok. But how can i upload the file to a folder named by $_SESSION['Username']
and if that folder doesnt exist, would it auto-create the folder?

and when the file is uploaded successfully, i should also add entries to a sql table right? to store the filename,link etc etc. this would be easier to loop through the usernames folder and display all their images right?

[roopurt18]

[i]But how can i upload the file to a folder named by $_SESSION['Username'][/i]
Append $_SESSION['Username'] to $file_dir

[i]if that folder doesnt exist, would it auto-create the folder?[/i]
Not sure if it would.  But you should check if the folder exists yourself with file_exists() and is_dir().  If it doesn't exist, you can create it yourself with mkdir().

[i]when the file is uploaded successfully, i should also add entries to a sql table right?[/i]
Probably, it makes life easier in the long run to have a record of what was uploaded, by who, and when.

[i]to store the filename,link etc etc. this would be easier to loop through the usernames folder and display all their images right?[/i]
Not necessarily.  It's just about as easy to open a directory and grab a list of it's contents as it is to write a MySQL query.  But having a matching table is almost always a good idea.

[Stooney]

easier than you might think.  I'll just copy some of my code for ya to look at:

to make the directory
[code]function set_dir($user)
{
$path="users/";
$newdir="$path$user";
mkdir($newdir, 0777);
}
[/code]


the upload code: (this will also check for duplicate filenames and change the uploaded files name until it unique)
[code]$uploaddir = "users/".$_SESSION['username']."/";
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

if (file_exists($uploadfile))
{
$tmpVar = 1;
while(file_exists(basename($uploaddir . $tmpVar . '-' . $_FILES['userfile']['name'])))
{
  $tmpVar++;
  }
$uploadfile= $uploaddir . $tmpVar . '-' . $_FILES['userfile']['name'];
  }

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
$uid=$_SESSION['userid'];
$put="insert into filehost_files (uid, name, link, size, date) values ('$uid', '$name', '$uploadfile', '$size', NOW())";
$result=@mysql_query($put);
header("Location: $_SESSION[url] ?loc=upload");
}

else
{
"Possible file upload attack!\n\n";
echo "More info:";
print_r($_FILES);
}[/code]

mkdir() will make the directory if it doesn't exist, if it does already exist then it won't do anything.

[pouncer]

roopert and chris, excellent replies. Thanks guys.

[pouncer]

what does basename do? and 0777 in that line

[roopurt18]

basename() extracts the file name from a string containing a directory path and a file name.

0777 is the permissions for the directory you are creating.  Go to google and search for: man chmod
for a better desription on file permissions.