There are several ways to do this. Most sensible is using mkdir.

UPDATE:

There is nothing worse on Answers than someone who follows up a question with a criticism, then provides worse code.

In the code below, the user creates a directory based on a querystring parameter.

1. Anyone can now create whatever directories he wants to create on your server by simply calling the script and passing a new querystring parameter that contains the name of the directory he wants created.

2. To wreck your script and possibly crash your server, all a hacker has to do is poison the querystring parameter with a character he knows won’t be accepted by the filesystem.

3. The user needs to know the HTTP relative path to his directory so he can link to it. If he doesn’t know the directory path structure, he can’t access resources in his directory.

Yes, it is inherently unsafe to provide upload access to a directory that is in your HTTP path:

But this question says nothing about this.

I really wish that people would leave well enough alone on this board and not make fools of themselves by claiming something isn’t right, when it is; and then introducing code that creates a whole new bunch of problems that need to be resolved.

That’s a security vuln.
Use