Hi all,
I have code that is reused throughout a site to upload appropriate images to their respective tables, and despite the code being pretty much identical (I cannot find any differences in it, I have just copied the script) it works in some areas and not in others. Here is an example of one page that does not work:
if ($_POST['ac_firstname']) {
// post fields to simple variables
$ac_firstname = addslashes($_POST['ac_firstname']);
$ac_lastname = addslashes($_POST['ac_lastname']);
$ac_email = addslashes($_POST['ac_email']);
$ac_phone = addslashes($_POST['ac_phone']);
$ac_title = addslashes($_POST['ac_title']);
$a_id = addslashes($_POST['a_id']);
$ac_active = $_POST['ac_active'];
$ac_activedate = '$year-$month-$day';
if (!mysql_query("INSERT INTO accounts_master (account_id, ac_firstname, ac_lastname, ac_phone, ac_email, a_id, ac_notes, ac_type, ac_joindate, ac_activedate)
VALUES ('$account_id', '$ac_firstname', '$ac_lastname', '$ac_phone', '$ac_email', '$a_id', '$ac_notes', '$ac_type', NOW(), '$ac_activedate')")) {
echo "<p class=\"error\">Error saving profile: </p>" . mysql_error();
include_once("bottom_container.php");
exit();
}
else {
$account_id = mysql_insert_id();
mkdir ("$path/$account_id/", 0777);
$userfile = $HTTP_POST_FILES['nfile']['name'];
$location = $HTTP_POST_FILES['nfile']['tmp_name'];
if ($userfile && is_uploaded_file($location)) {
$fileinfo = pathinfo($userfile);
$newfilename = mysql_escape_string(sprintf("../images/%01d-ach.%s", $account_id, $fileinfo['extension']));
move_uploaded_file($location, $newfilename);
mysql_query("UPDATE accounts_master
SET ac_image='$newfilename'
WHERE account_id='$account_id'");
}
echo "<p>Item successfully added.</p>";
} // End if
include_once("bottom_container.php");
exit();
}
the field:
<input type=file name=nfile>
Can someone please take a look at this and tell me what I'm doing wrong?
thanks in advance for any help.
