So I had some free time to code a better example page for you while preserving some of your original content. I strongly disagree that you need to submit the form to the same page [rolling my eyes], but do whatever feels best for you.
<?php declare (strict_types = 1);
// if (empty($_SESSION['userID'])) { header("Location: /"); exit; }
(string) $SID_page = 'getForm'; (string) $SID_pageTitle = 'Upload files';
switch ($_SERVER["REQUEST_METHOD"]) {
case 'POST':
(string) $SID_errors = '';
(array) $SID_filesArrayErrors = ['4'=>'Please choose a file for upload'];
if (!empty($_FILES['Upload']['error'])) { if (array_key_exists($_FILES['Upload']['error'], $SID_filesArrayErrors)) { $SID_errors = $SID_filesArrayErrors[$_FILES['Upload']['error']]; break; } $SID_errors = 'fileArray'; break; }
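/* the extension list is an alternation group (not a character class) and the dot before it is escaped; !== 1 also catches preg_match() returning false */
if (preg_match('/^[0-9A-Za-z_.\s-]{1,64}\.(?:jpg|jpeg|jpe|png|gif)$/', $_FILES['Upload']['name']) !== 1) { $SID_errors = 'Invalid filename (Filenames must be Alphanumeric with the following exceptions: - _ . and word spaces)'; break; }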
if (function_exists(pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME))) { /* log this error */ $SID_errors = 'hack attempt'; break; }
/* catches built-in functions: phpinfo, phpinfo(), file_get_contents et cetera. use prefixes for all user defined code (here $SID_, stands for site id) */
$SID_dir = 'folder/';
$SID_timestamp = time();
$SID_filename = $SID_dir . $SID_timestamp.basename($_FILES['Upload']['name']);
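/* move_uploaded_file() returns false on failure, so do not report success in that case */
if (!move_uploaded_file($_FILES['Upload']['tmp_name'], $SID_filename)) { $SID_errors = 'The file could not be saved'; break; }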
$SID_page = 'postForm'; $SID_pageTitle = 'Files upload';
break;
}
?>
<html>
<head>
<title><?php if (!empty($SID_pageTitle)) { echo $SID_pageTitle; } ?></title>
</head>
<body>
<?php switch ($SID_page) { case 'getForm': ?>
<div data-role="page" id="page">
<div data-role="header">
<h1>Upload files</h1>
<a href="logout.php" data-role="button" data-icon="home">Sign out</a>
</div>
<div data-role="content">
<?php if (!empty($SID_errors)) { echo '<div><p>' . $SID_errors . '</p></div>'; } ?>
<form method="post" enctype="multipart/form-data">
<input type="file" name="Upload">
<input type="submit">
</form>
</div>
</div>
<?php break; case 'postForm':
/* var_dump($_FILES); */
echo '<p>File was uploaded --> '. htmlspecialchars(urlencode($_FILES['Upload']['name']), ENT_QUOTES) . '</p>';
echo '<br>';
echo '<p>Information about file from $_FILES array</p>';
echo 'File Name: ' . htmlspecialchars(urlencode($_FILES['Upload']['name']), ENT_QUOTES) . '<br>';
echo 'File Type: ' . htmlspecialchars($_FILES['Upload']['type'], ENT_QUOTES) . '<br>';
/* size is an int counted in bytes; with strict_types it must be cast before htmlspecialchars() accepts it */
echo 'File Size: ' . htmlspecialchars((string) $_FILES['Upload']['size'], ENT_QUOTES) . ' bytes<br>';
/* one could add the form here too for more uploads but a user limit should be placed in a database
then loaded into the session at login or retrieved from the db on pageload */
break; } ?>
</body>
</html>
Good luck to you. You may want to ask requinix about my regex code. I am not a programmer either, so perhaps my regex could be better. Have a nice day.
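Added example, not part of the original post: the filename pattern from the post compared with a corrected one on constructed names, followed by a content check with finfo and a server-chosen stored name. The names SID_POSTED, SID_FIXED, SID_TYPES and sid_storedName() are hypothetical, and the fileinfo extension is assumed to be available.

```php
<?php declare(strict_types=1);

// Hypothetical names throughout; only the first pattern comes from the post.
// As posted: [jpg|jpeg|jpe|png|gif] is a character class (any of j p g | e n i f)
// and the dot before it is unescaped, so it matches any character.
const SID_POSTED = '/^[0-9A-Za-z-_.\s]{1,64}.[jpg|jpeg|jpe|png|gif]+$/';
// Escaped dot, real alternation group, hyphen moved to the end of the class.
const SID_FIXED = '/^[0-9A-Za-z_.\s-]{1,64}\.(?:jpg|jpeg|jpe|png|gif)$/';
// Accepted content types, mapped to the extension the server stores.
const SID_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Returns a server-chosen file name for an accepted upload, or null.
 * The client name is only validated; it is never used to build the stored path.
 */
function sid_storedName(string $clientName, string $tmpPath): ?string
{
    if (preg_match(SID_FIXED, $clientName) !== 1) {
        return null; // also covers preg_match() returning false
    }
    // Decide by content: the name may still contain extra dots before the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext = is_string($mime) ? (SID_TYPES[$mime] ?? null) : null;
    return $ext === null ? null : bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: a minimal GIF header and a plain text file.
$gif = tempnam(sys_get_temp_dir(), 'sid');
file_put_contents($gif, "GIF89a" . pack('v2', 1, 1) . "\x00\x00\x00;");
$txt = tempnam(sys_get_temp_dir(), 'sid');
file_put_contents($txt, "plain text, not an image\n");

// Constructed client file names, run through both patterns.
foreach (['holiday photo.jpg', 'notes.pig', 'page.php', 'scan.png'] as $name) {
    printf("%-18s posted=%d fixed=%d\n", $name,
        preg_match(SID_POSTED, $name), preg_match(SID_FIXED, $name));
}
// Same client name with image content, then with text content, then a rejected name.
var_dump(sid_storedName('holiday photo.gif', $gif));
var_dump(sid_storedName('holiday photo.gif', $txt));
var_dump(sid_storedName('page.php', $gif));
unlink($gif);
unlink($txt);
```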