我的网站允许用户将声音文件上传到服务器。用户注册时创建目录(如用户名)。
mkdir("speaking/uploads/".$myusername,0777);
当用户想要登录时:
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$_SESSION['myusername'] = $myusername;
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pass='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:index.php");
}
else {
echo "Wrong Username or Password";
}
我想将上传的文件转到他的文件夹,但文件会转到上传目录。
<?php
$uploads_dir = './uploads/'.$_SESSION['myusername'];
if( $_FILES['Filedata']['error'] == 0 ){
if( move_uploaded_file( $_FILES['Filedata']['tmp_name'], $uploads_dir.$_FILES['Filedata']['name'] ) ){
echo 'ok';
exit();
}
}
echo 'error';
exit();
?>
怎么能这样做? 有没有更好更安全的想法呢?
答案 0 :(得分:0)
您忘记添加 session_start ,它将为空,以便将其上载到父文件夹中,以便将代码更改为:
<?php
session_start();//start the session first
$uploads_dir = './uploads/'.$_SESSION['myusername'];
if( $_FILES['Filedata']['error'] == 0 ){
if( move_uploaded_file( $_FILES['Filedata']['tmp_name'], $uploads_dir.$_FILES['Filedata']['name'] ) ){
echo 'ok';
exit();
}
}
echo 'error';
exit();
?>
答案 1 :(得分:0)
好像你错过了session_start():
<?php
// H E R E !
session_start();
$uploads_dir = './uploads/'.$_SESSION['myusername'];
此外,使用来自用户输入($_POST['myusername'])的文件夹名称是一个非常糟糕的主意,如果没有像这样在那里取消确定!!!