a wild guess here but shouldn't you be calling out the tmp_filename instead of userfile inorder to use the new file name? I thought userfile was a php function and didn't need to be declared? If I'm way off base here don't mind me, I'm still learning. Hey maybe you can help my issue, would you mind taking a look?

[webmasterworld.com...]

much appreciated

You never use $randName in any insertion statement or make $fileName = $randName at any point.

Essentially you're creating a random filename but never using it.

Well, actually, let me make myself more clear:

You're UPLOADING the file as the random name.

You're INSERTING the filename into the database as the original filename.

thanks for the reply,

I know im not calling it, I cant work out how to insert the random name into the DB instead of the original filename

Oh. Sorry.

Change:
$query = "INSERT INTO files (name, size, type, date, description) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$date', '$description')";

To:
$query = "INSERT INTO files (name, size, type, date, description) ".
"VALUES ('$randName', '$fileSize', '$fileType', '$date', '$description')";

Thank you, thank you!
The insert worked, however....

$query = "INSERT INTO files (name, newname, size, type, date, description) ".
"VALUES ('$name', '$randName.$fileType', '$fileSize', '$fileType', '$date', '$description')";

Code above produces:
c7f26d224538af0376a7883ad8f931d8.text/plain

How would I get it to insert it as: c7f26d224538af0376a7883ad8f931d8.txt

Also, the name/$name variable is turning up blank in the database, any ideas?

I figured out the name/$name problem, was my silly mistake.

can you possibly help with the other issue above?

You have a line that reads:
$ext = substr(strrchr($fileName, "."), 1);

Change that to:
$ext = explode(".",$fileName);
$ext = strtolower($ext[1]);

Cheers.

Thanks for replying.

However, the insert in the database is still producing:

5bcbf2571f330a1abf5c53f7038e18c7.text/plain

I am trying to get it to insert it as:
5bcbf2571f330a1abf5c53f7038e18c7.txt

<?
// upload directory
$uploadDir = "$FileDir";

$MaxFileSize = $_FILES['userfile']['size'];
if ($MaxFileSize > 2097152) {

// if greater than 2MB - send nice rejection message }
echo "Sorry, your file is $size the maximum filesize allowed is $max_file_size bytes";
exit;
}

if(isset($_POST['upload']))
{

$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

// get the file extension first
$ext = explode(".",$fileName);
$ext = strtolower($ext[1]);

// generate the random file name
$randName = md5(rand() * time());

// and now we have the unique file name for the upload file
$filePath = $uploadDir . $randName . '.' . $ext;

// move the files to the specified directory
// if the upload directory is not writable or
// something else went wrong $result will be false
$result = move_uploaded_file($tmpName, $filePath);

if (!$result) {
echo "Error uploading file";
exit;
}

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}

$query = "INSERT INTO files (name, newname, size, type, date, description) ".
"VALUES ('$fileName', '$randName.$fileType', '$fileSize', '$fileType', '$date', '$description')";

mysql_query($query) or die('Error, query failed : ' . mysql_error());

echo "<br><b>The file was successfuly uploaded.</b><br><br>";

mysql_close($cid);
}
?>

Can you please add the line:

echo "Filename: ".$fileName." Extension: ".$ext." Filepath: ".$filePath."<br>";

After the line where you set $filePath = $uploadDir . $randName . '.' . $ext; for me please?

And let me know what it reads when it outputs?

Hi adammc,

You are concatenating the file name with the file type, which is why you are getting the insert with the mime type attached on the end.

$randName.$fileType

Have you tried changing that to:

$randName.$ext

$query = "INSERT INTO files (name, newname, size, type, date, description) ".
"VALUES ('$fileName', '$randName.$ext', '$fileSize', '$fileType', '$date', '$description')";

dc

Thank yoou dreamcatcher and steerpike :)

Dreamcatcher, you advice has fixed my problem. It works a treat! Thanks again

You`re welcome. :)