Hello, I have this form which submits to itself with data posted by users. I am looking to update my database with the info posted, and if a file is attached, validate it too with allowed types, rename it and upload it to my server, and then update the database with relevant info, and finally send an email with selected fields. However, if there is no file attached, I still would like the database to be updated and an email sent.
Below is the script I somehow after spending a few nights managed to come up with. Please could I request the experts here to review it and advise why it wouldn't work and let me know the areas where it is wrong. Here is the script - Apologies for the long script.

<?php
if (isset($_POST['validate'])) // Hidden field in my form
{
//Validating every entry posted through form
if (trim($_POST['sender_Name']) == "")
echo "Please enter your name <br />";
else {
if (trim($_POST['sender_Location']) == "")
echo "Please enter your location <br />";
else {
if (trim($_POST['sender_Email']) == "")
echo "Please enter your email address<br />";
else {
if (trim(!preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i", $_POST['sender_Email'])))
echo "Please enter a valid email address<br />";
else {
if (trim($_POST['sentto']) == "")
echo "Please enter the 'Message To' field <br />";
else {
if (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']) < (date('Y-m-d')))
echo "Publish Date cannot be in the past<br />";
else {
if (trim($_POST['message']) == "")
echo "Please enter your message <br />";
else {
if(is_uploaded_file($_FILES['photo']['name'])) //File name submitted via form
//Allowed file types
$allowed_file_types = array ('.jpg', '.pjpeg', '.gif', '.bmp', '.png', '.jpeg');
//Get the extension from file name
function getExtension($str)
{
$i = strrpos($str,".");
if(!$i) {return "";}
$l = strlen($str) - $i;
$ext = substr($str, $i+1, $l);
return $ext;
}
//Check if file type is allowed
if (!in_array($ext, $allowed_file_types))
$rand_numb = rand(0000, 9999);
$file_name = stripslashes($_FILES['photo'] ['name']);
$extn = getExtension($file_name); //File extension using above function
$new_file_name = $rand_numb . "." . $extn; //New file name – replacing the old with random number
$path = "wishes/";
$path = $path ."images/".$new_file_name; //Directory where the new file will be uploaded
move_uploaded_file($_FILES['photo']['tmp_name'], $path . $new_file_name); //Upload file with new name
else {
$sender = $_POST['sender_Name'];
$location = $_POST['sender_Location'];
$email = $_POST['sender_Email'];
$to = $_POST['sentto'];
//Get sender's IP address sender
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$publ_date = (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']));
$msg_type = $_POST['Wishes'];
$show_date = ($_POST['date'] . "-" .$_POST['month'] ."-".$_POST['year']);
$today = date('Y-m-d');
$message = stripslashes(trim($_POST['message']));
include_once('dbconn.php'); //Database Connection Script
if (!$connx)
{
die ('Sorry, Could Not make Database Connection<br />');
}
@mysql_select_db($dbs);
$result = "INSERT INTO wishes (wishesID, sender_Name, sender_Location, sender_IP, sender_Email,
sent_Date, sent_To, message_Type, publish_Date, message, photo_id) VALUES ('NULL', '$sender', '$location',
'$ip', '$email', '$today', '$to', '$msg_type', '$publ_date', '$message', '$new_file_name')";
mysql_query($result) or
die ("Failed to update database<br />");
mysql_close();
$post_email = "myemail@blahblahblah.com";
$subject = $show_date .": - $msg_type" ." Wishes to be posted on " .$show_date;
$posted_msg = "Sender: $sender \r\n"."Email: $email \r\n"."Message: $message \r\n" ."File Sent: $new_file_name";
mail($post_email, $subject, $posted_msg, "From: $email\r\nReply-To: $post_email\r\nReturn-Path: $post_email\r\n");
}
else {
echo "Error while uploading the file, Please contact the webmaster<br />";
//Show the form again
}
}
}
}
}
}
}
}
}
?>