[code=php:0] <?php require_once('../Connections/blog_oconn.php'); if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php?alert=no"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } $username = $_SESSION['MM_Username']; $currentdate = date('l, F jS, Y'); if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO entries (headline, `date`, content, image, `user`) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($_POST['headline'], "text"), GetSQLValueString($_POST['date'], "text"), GetSQLValueString($_POST['content'], "text"), GetSQLValueString($_POST['image'], "text"), GetSQLValueString($_POST['username'], "text")); mysql_select_db($database_blog_oconn, $blog_oconn); $Result1 = mysql_query($insertSQL, $blog_oconn) or die(mysql_error()); $insertGoTo = "entries.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } $colname_new_blog = "-1"; if (isset($_SESSION['MM_Username'])) { $colname_new_blog = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']); } mysql_select_db($database_blog_oconn, $blog_oconn); $query_new_blog = sprintf("SELECT * FROM entries WHERE `user` = %s", GetSQLValueString($colname_new_blog, "text")); $new_blog = mysql_query($query_new_blog, $blog_oconn) or die(mysql_error()); $row_new_blog = mysql_fetch_assoc($new_blog); $totalRows_new_blog = mysql_num_rows($new_blog); /* Image Upload Sciprt Copyright Pbkill.com Do Not Remove Under Penealty of Law */ $maxfilesize = 4048000000; $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/uploads/"; $file = $_FILES['userfile']['tmp_name']; $filename = $_FILES['userfile']['name']; // Make the function for upload function do_upload() { // Valid file Mime types / extension $allowed_types = array( "image/jpeg" => "jpg", // Add more types here if you like ); // Check to see if file is an allowed extension if(!array_key_exists($_FILES['userfile']['type'], $allowed_types)) { die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Invalid file type!</font></center>"); } // Set the maximum file size => 204800 = 200kb $maxfilesize = 4048000000; // Is it under the allowed Max file size? if($_FILES['userfile']['size'] > $maxfilesize) { die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">File is too large!</font></center>"); } // Where are the files going? $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/upload/"; // What is the files temporary name? $file = $_FILES['userfile']['tmp_name']; // What is the files actual name? $filename = $_FILES['userfile']['name']; // Check to see if the file allready exists? if(file_exists($uploaddir . $filename)) { die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">A file with that name already exists on this server.</font></center>"); } else { // If the file does not already exist, copy it. copy($file, $uploaddir.$filename) or die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Could not copy file.</font></center>"); } } [/code] AND HERES MY FORM [code=php:0] <form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="form1"> <input type="hidden" name="action" value="do_upload"> <table width="630" border="0" align="center" cellpadding="3" cellspacing="3" class="content"> <tr> <td width="199" align="right" valign="top" class="content">Headline :</td> <td width="410" align="left" valign="middle" class="content"><label> <input name="headline" type="text" id="headline"> </label></td> </tr> <tr> <td align="right" valign="top" class="content">Content :</td> <td align="left" valign="middle" class="content"><label> <textarea name="content" cols="40" rows="10" id="content"></textarea> </label></td> </tr> <tr> <td align="right" valign="top" class="content"> </td> <td class="error">*please remember to resize your image to 300px. </td> </tr> <tr> <td align="right" valign="top" class="content"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Blog Image :</font></td> <td class="content"><font color="#000000"> <input name="userfile" type="file" class="button" id="userfile"> <font color="#000000"> <input type="submit" name="Submit" value="Upload File!" class="button"> </font></font></td> </tr> </table> <input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>"> <input name="username" type="hidden" id="username" value="<? echo $username; ?>"> <input name="date" type="hidden" id="date" value="<? echo $currentdate; ?>"> <input type="hidden" name="MM_insert" value="form1"> </form> <p class="error"><?php // If the form has been completed, execute the upload function (above). if($_POST['action'] == "do_upload") { do_upload(); } ?> [/code] Everything is working other then this [code=php:0]<input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">[/code] it uploads the file and inserts this statement into my db except for the filename variable. PLEASE HELP.