Upload picture to server successful but insert file name to database is blank

Question

Hi everyone. I appreciate your effort tat helping newbies like me. I have the following problems and will appreciate urgent help.

PROBLEM NUMBER 1: Using PHP and MySQL, I am able to upload picture successfully unto the server but not so with the file name of the picture even though other parameters in my form got inserted successfuly in the database. I have read several posts on this topic including here on this site but I can't get around the problem yet.

PROBLEM NUMBER 2: I equally need help on limiting file TYPE permitted for upload (gif, jpeg, png ONLY) as well as the file SIZE (not more than 100kb).

PROBLEM NUMBER 3: To force a resize of all pictures uploaded into a smaller thumbnail size of 20kb and stored this in a seperate folder on the server with a seperate filename on the database.

Below is my current PHP code;

<?php 
if (!isset($_POST['upload'])) 
{ 
include ("submit_interview_test.php"); //shows form if it's not been posted 
}

else 
{ 
if($_FILES['pic']['tmp_name'] == "none") 
{ 
echo "<b>File not successfully uploaded. Maybe check the filesize limit.</b>"; 
include ("submit_interview_test.php"); 
exit(); 
}

if(!ereg("image",$_FILES['pic']['type'])) 
{ 
echo "<b>File is not an image - try another file.</b>"; 
include ("submit_interview_test.php"); 
exit(); 
}

else 
{ 
$uploadDir = 'intervimages/'; 
$destination = $uploadDir.basename($_FILES['pic']['name']); 
$temp_file = $_FILES['pic']['tmp_name'];
include ("processinterview.php");
if ( move_uploaded_file ($temp_file,$destination) ) 
{ echo '<p>Your file has been successfully uploaded!</p>'; 
} 

else 
{ echo "Problem with picture upload!"; 
} 
} // end of else

} // end of else 
?> 

THIS IS my processinterview.php code;

<?php
include_once 'includes/db.php';
$sql="INSERT INTO interview (interviewer, media_house, category, interview_title, title_rider, personality, interview_body, source, published, temp_file, interview_date, location, interview_intro, date) VALUES ('$_POST[interviewer]','$_POST[media_house]','$_POST[category]','$_POST  [interview_title]','$_POST[title_rider]','$_POST[personality]','$_POST [interview_body]','$_POST[source]','$_POST[published]','$_FILES[temp_file]','$_POST[interview_date]','$_POST[location]','$_POST[interview_intro]',now())";

if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 interview record has been successfully added to the database.";
?>

AND, this is my form (submit_interview_test.php);

<form enctype="multipart/form-data" action="processinterview3.php" method="post">
<table bgcolor="#ececec" border="0" cellspacing="5">
<tbody>
<tr><td>Interview conducted by (Interviewer's Name):</td><td><input size="30"  name="interviewer" type="text" /></td></tr>
<tr><td>Media house (e.g., Punch):</td><td><input size="30" name="media_house" type="text" /></td></tr>
<tr><td>Location (e.g., Ibadan or USA):</td><td><input type="text" size="30" name ="location" /></td></tr>
<tr><td>Interview Category (e.g., Local):</td><td><input type="text" size="30" name   ="category" /></td></tr>
<tr><td>Interview Personality:</td><td><input type="text"  size="30" name ="personality" /></td></tr>
<tr><td>Interview Title:</td><td><input type="text"  size="130" name ="interview_title" /></td></tr>
<tr><td>Title Rider:</td><td><input type="text"  size="130" name ="title_rider" /></td></tr>
<tr><td>Source (e.g., http://...):&lt;/td&gt;&lt;td&gt;&lt;input size="130" name="source" type="text" /></td></tr>
<tr>  <td valign="top">Interview Introduction:</td>
<td><textarea name="interview_intro" rows="3" cols="100"></textarea></td></tr>
<tr><td>Date of Interview (e.g., 26/09/2009):</td><td><input size="30" name="interview_date" type="text" /></td></tr>
<tr>  <td valign="top">Interview Main Content:</td>
<td><textarea name="interview_body" rows="12" cols="100"></textarea></td></tr>
<tr><td>Add Photo (Jpeg or gif not more than 80KB):</td><td><input type="file" name="pic"/></td></tr>
<tr><td valign="top">Publish rightaway?</td>
<td><input type="checkbox" name="published" value="1"> Yes (Leave this if this   Interview is not to be published yet)<br>
<tr><td>&nbsp;</td><td><input value="Submit Interview" type="submit" name="upload"/><font face="arial" size="1">&nbsp;&nbsp;Please check for any error before you submit</font></td></tr>
</tbody></table>

Thanks for the trouble pls.

Answer 1

1) Your query is inserting $_FILES[temp_name] as the value to store when you should be using just $temp_name.

2) Use the following array of mime types to check against (taken from the Symfony framework's uploaded image validation code):

<?php
  $valid_mimes = array(
    'image/jpeg',
    'image/pjpeg',
    'image/png',
    'image/x-png',
    'image/gif',
  );

  if(!in_array($_FILES['pic']['type'], $valid_mimes)) {
    // invalid mime
  }

Your file size can be validated with the $_FILES['pic']['size'] value.

3) There are a number of libraries available for image and thumbnail generation, your specific choice will depend on what, if any, supporting graphics libraries you have installed on your server (GD or ImageMagick). Any of the following results may work for you: http://www.google.com/search?q=php+image+thumbnail