我想知道如何使用PHP根据名为'UserID'的会话变量创建目录(在HTML上传按钮上单击)。
这就是我试图做的事情:
<?php
include("login.php");
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>FileStore - Upload Files</title>
<link rel="stylesheet" href="./CSS/style.css" type="text/css" media="screen, projection" />
</head>
<body>
<div id="wrapper">
<header id="header">
<div id="header-content">
<strong><h1>FileStore</h1></strong> Upload multiple files at once!
</div>
<div class="login-info" >
<?php
if ($isLoggedin === false) {
echo ' <form action="" method="POST">
Username: <input name="username" >
Password: <input type="password" name="password" size="8">
<input type="submit" name="submit" value="Login">
</form>';
echo "<p align='right'>You are not logged in.</p>";
echo "<b><a href='registration.php'>Register</a></b>";
}else{
echo $welcomeMsg;
}
?>
</div>
</header><!-- #header-->
<section id="middle" align="center">
<div id="container">
<br><br>
<div id="content">
<strong><h1>Upload files</h1></strong><br><br>
<div id="upload-file" >
<?php
include("dbConfig.php");
$Username = $_SESSION["username"];
//$Password = $_SESSION["password"];
$Password = md5($Password);
$sql = "SELECT UserID FROM users WHERE Username = '".$Username."' AND Password = '".$Password."'";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_assoc($result)) {
$userid = $row['UserID'];
}
echo $userid;
$dirname = $userid;
$filename = ("/folder/" . "$dirname" . "/");
if (!file_exists($filename))
{
mkdir("files/'$userid'", 0777);
} else {
if (isset($_FILES['files'])) {
echo "<div id='files_table'><table class='center'.><tr><td>";
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name){
move_uploaded_file($tmp_name, "files/'".$userid."'{$_FILES['files']['name'][$key]}");
echo $_FILES['files']['name'][$key], " uploaded.", "<br>";
}
echo "</td></tr></table></div><br><br>";
}
}
if (isset($_FILES['files'])) {
echo "<div id='files_table'><table class='center'.><tr><td>";
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name){
move_uploaded_file($tmp_name, "files/'".$userid."'{$_FILES['files']['name'][$key]}");
echo $_FILES['files']['name'][$key], " uploaded.", "<br>";
}
echo "</td></tr></table></div><br><br>";
}
?>
<form action="" method="post" enctype="multipart/form-data">
<h1> Select files to upload:</h1>
<br>
<p>
<input type="file" name ="files[]" multiple min="1" />
<input type="submit" value="Upload" />
</p>
<br>
<h2> You can select multiple files for upload. </h2>
</form>
</div>
</div><!-- #content-->
</div><!-- #container-->
<aside id="sideLeft">
<div id="menu-x" align="center"><br>
<strong>Menu</strong><br><br>
<div class="menu">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="upload.php">Upload</a></li>
<li><a href="files.php">Files</a></li>
<li><a href="about.php">About</a></li>
<li><a href="help.php">Help</a></li>
<li><a href="#">Logout</a></li>
</ul>
<br style="clear:left"/>
</div>
</div>
</aside><!-- #sideLeft -->
</section><!-- #middle-->
<footer id="footer">
<strong>FileStore:</strong> A CMT 3315 Project by Brian Livori
</footer><!-- #footer -->
</div><!-- #wrapper -->
</body>
</html>
这不起作用。我收到以下错误消息:
注意:未定义的变量:密码在 第70行的C:\ xampp \ htdocs \ Task2PHP \ final \ upload.php
注意:未定义的变量:userid in 第83行的C:\ xampp \ htdocs \ Task2PHP \ final \ upload.php
注意:未定义的变量:userid in 第85行的C:\ xampp \ htdocs \ Task2PHP \ final \ upload.php
注意:未定义的变量:userid in 第93行的C:\ xampp \ htdocs \ Task2PHP \ final \ upload.php
警告:mkdir():文件存在于 第93行的C:\ xampp \ htdocs \ Task2PHP \ final \ upload.php
知道我该怎么做吗?
答案 0 :(得分:0)
除了下面关于安全问题的评论:
$userid未设置。这意味着您的查询没有返回任何行。您应该将错误处理添加到所有数据库调用(您应该更改为PDO / mysqli),包括没有找到用户的场景; /folder/" . "$dirname" . "/",但之后尝试生成目标"files/'$userid'"。这应该是"/folder/$userid"或更加一致"/folder/'$dirname'"; /folder的文件夹中,因此您应该检查它。