Still allowing it, heres my whole script:
<?php
$target_path = "uimg/";
$basenamer = basename($_FILES['uploadedfile']['name']);
$target_path = $target_path . $basenamer;
$ext = $_FILES["uploadedfile"]["type"];
$validexts = array('image/png','image/jpg','image/jpeg','image/gif');
if(in_array($ext,$validexts)){
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$fname = $_FILES['uploadedfile']['name'];
$q2 = "INSERT INTO ".TBL_PICS." (`oid`,`file`,`month`,`year`,`hits`,`approve`,`win`,`place`) VALUES ('$user', '$fname', '$month', '$year', '0', '1', '0', '0')";
$result2 = $database->query($q2);
if(!$result2) {
echo $error;
} else {
echo $_txt79."\"".basename( $_FILES['uploadedfile']['name'])."\"".$_txt80;
}
} else {
echo $error;
}
}else if(!in_array($ext,$validexts)){
echo $_txt84;
}?>
Shimmy/Jeff