PHP then checks to see if the form is submitted:

if(isset($_POST['submit'])){

Then the form variables are checked and escaped for use in the insert query:

//check vars

if(!$_FILES['userfile']['name']) {

$err = true;

$msg .= "<BR>Please upload a file.";

}

$fname=mysql_escape_string($_FILES['userfile']['name']);

$p_pid=mysql_escape_string($_POST['p_pid']);

Then the form values are inserted into the files table:

//insert

if(!$err){

$insert = "INSERT INTO files SET filename = '".$fname."',";

$insert .= "p_id= '".$p_pid."'";

if(!mysql_query($insert)){

echo mysql_error();

}else{

The next line stores the record id of the newly inserted record, and then a message is set in the $msg variable:

$newid=mysql_insert_id();

$msg= "Data inserted.".$p_pid."<br>";

}

}//err check

The code then checks to see if the $new_id variable value is greater then zero. If it is, the file upload process is started. The assumption is that, if the $new_id variable value is less then one, then the insert query was not successful and therefore the upload process will not be started:

//upload file

if($new_id > 0){

$uploadpath = "p_files/";

$filename = trim(addslashes($_FILES['userfile']['name']));

if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadpath . $filename)) {

$msg .= "File uploaded.".$filename."";

}else{

$msg .= "File not uploaded.";

}

}

}

?>

The $_FILES['userfile']['name'] variable is the special variable that is designed for file uploads (think of it as the file equivalent of $_POST). The $_FILE array has five elements, of which tmp_name is one. It refers to the temporary name of the file on the server. If you look closely at the upload code above you will see that I've used it there as well. The move_uploaded_file() function is also used in the code. This function, as the name suggests, does the work of moving the file from one place to another.

There are only two things that I think are worth pointing out in the HTML form below. First, if you look at the opening form element, you will notice that an additional attribute has been added. It is called:

enctype="multipart/form-data"

The above merely informs the browser to expects different types of data from the form. This piece of code needs to be there whenever you are going to upload a file. Second, the actual form field needs to be of type 'file.' This has the effect of creating a "browse" button when the form is shown. Both of these pieces of code are highlighted below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" -->

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<!-- InstanceBeginEditable name="doctitle" -->

<title>Untitled Document</title>

<!-- InstanceEndEditable -->

<!-- InstanceBeginEditable name="head" -->

<!-- InstanceEndEditable -->

<link href="Templates/main.css" rel="stylesheet" type="text/css" />

</head>

<body>

<table width="100%" border="0">

<tr>

<td width="33%">&nbsp;</td>

<td width="28%">&nbsp;</td>

<td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><? echo $_SESSION['name'];?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td>

</tr>

<tr>

<td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td>

</tr>

<tr>

<td colspan="3"><!-- InstanceBeginEditable name="main" -->

<form id="form1" name="form1" method="post" action="add_file.php" enctype="multipart/form-data">

<table width="100%" border="0">

<tr>

<td colspan="2" class="loginheader"><?php echo $title;?></td>

</tr>

<tr>

<td colspan="2"><?php if(isset($msg)){

echo $msg;

}?> </td>

</tr>

<tr>

<td width="10%">File Name </td>

<td width="90%"><label>

<input name="userfile" type="file" id="userfile" />

<input type="hidden" name="p_pid" value="<?php echo $_GET['pid'];?>"/>

</label></td>

</tr>

<tr>

<td>&nbsp;</td>

<td><label>

<input type="submit" name="submit" value="Upload File" />

</label></td>

</tr>

</table>

</form>

<!-- InstanceEndEditable --></td>

</tr>

<tr>

<td colspan="3"><!-- InstanceBeginEditable name="nav" --><a href="main.php">View Project List</a> | <a href="admin/login.php">Administrators Corner </a><!-- InstanceEndEditable --></td>

</tr>

<tr>

<td align="right" class="cright" colspan="3">copyright &copy; 2007 PM </td>

</tr>

</table>

</body>

<!-- InstanceEnd --></html>

Be sure to come back next week for the conclusion to this article series!