I've built this webform wizard, consisting of several PHP pages. In this several pages users can fill in the form and the data gets temporarily stored in a session and at the last page the sessions are used to store all the data in the MYSQL database. Everything works fine with the exception of the uploaded file. Here is my code:
HTML: wizard_page2
<form name="registratieformulier" method="post" enctype="multipart/form-data" action="sw3.php">
<tr><td>Foto winkel uploaden: </td><td><input type="file" name="uploadfoto"/></td></tr><br /><br />
<tr><td><strong>Omschrijving van winkel:</strong></td> </tr><br />
<tr><textarea cols="50" rows="7" name="omschrijvingwinkel"></textarea></tr>
<input name="pkbedrijven" value="<?php echo($pkbedrijven); ?>" type="hidden" />
<input type="submit" name="stuurfoto" value="Verzenden" />
</form>
PHP: wizard_last_page
$_FILES['uploadfoto']['name'] = $_SESSION["naamfoto"];
$_FILES['uploadfoto']['tmp_name'] = $_SESSION["tijdelijk"];
$bn = $_SESSION["wn"];
$target_path = "../../winkels/$bn/";
$target_path = $target_path . basename( $_FILES['uploadfoto']['name']);
move_uploaded_file($_FILES['uploadfoto']['tmp_name'], $target_path)or die("There was an error uploading the file, please try again!");
$foto_path = "http://mywebsite.nl/winkels/$bn/".basename($_FILES['uploadfoto']['name']);
$omschrijving = $_SESSION["omschrijving"];
$add = "UPDATE winkelprofiel SET winkelomschrijving='$omschrijving', winkelfoto='$foto_path' WHERE fkBedrijvenID=$pkbedrijven ";
$query_upload = mysql_query($add) or die("De winkelfoto en omschrijving konden niet worden opgeslagen");
The $_FILES array only holds information about the file that has been uploaded in this request. If you do not save that file elsewhere within the same request, it will be removed by PHP at the end of the request. You cannot simply save $_FILES['uploadfoto']['tmp_name'] into the session and expect the file to still be there later, because it won't be. There's also no point in assigning the values in $_SESSION back into $_FILES, it won't bring the file back.
What you need to do:
if the upload was successful, move $_FILES['uploadfoto']['tmp_name'] somewhere else immediately
save the location you have moved it to into $_SESSION
do something with that file in $_SESSION at the end of your multi-page process (no need for $_FILES anymore at all)
have some mechanism in place to remove old uploaded files, in case the user abandons the session and the file never gets used
I think that the problem is, the file located at $_FILES['uploadfoto']['tmp_name'] will only be available when it is uploaded. Even you store the value in session, the file won't be there when you come to wizard_last_page. You need to handle uploaded files right away in the POST request.
So you need to move the file to $target_path or any certain temporary place when it's uploaded, then store the $target_path in the session so you can access to the file later on wizard_last_page.
Well, you can upload the file in one temporary location first. Then on the last page, once you submit the form, you can transfer the file to the desired location and then delete the temporary one.
$_SESSION['file'] = $_FILES["file"]["name"];
if (file_exists("uploads/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],"uploads/temp/" . $_FILES["file"]["name"]);
};
//This for the last page.
$file = file_get_contents("uploads/temp/".$_SESSION['file']);
file_put_contents("uploads/".$_SESSION['file'], $file);
I disagree with the accepted answer. There is a way to store all the images in the session array variable. You can use the "file_get_contents" function for storing the image.
Have a look at this:
$_SESSION['imgArrayFile'][] = $_FILES['file']; //Your file informations
$_SESSION['imgArrayName'][] = $_POST["ImgNewNamePlacowki"]; //new name for img
$_SESSION['ImgArrayAlt'][] = $_POST["ImgAltPlacowki"]; // alt tags if you use them
$_SESSION['obj_image_session'][] = file_get_contents($_FILES['file']['tmp_name']);
//above "file_get_contents" function - store image as a long string.
Regardless of what other think about using it for this purpose it can do the job for you.
There are several issues with storing large amounts of data in a session but if you images are small enough and you are aware of your settings limitation, then you will be just fine.
Save your file with
$file= $destination."/".$filename; //images/new.jpg
$fp=fopen($file,"w");
fwrite($fp,$_SESSION['obj_image_session'][$index]);
EXAMPLE FROM MY (WORKING) PROJECT:
<?php
//$galery_img_folder = "your/new/image/destination";
foreach($_SESSION['imgArrayFile'] as $index => $name){
if($_SESSION['imgArrayName'][$index]!=""
&& $_SESSION['ImgArrayAlt'][$index]!=""
&& $_SESSION['obj_image_session'][$index]!=""
){
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_SESSION['imgArrayFile'][$index]["name"]);
$extension = end($temp);
if ((($_SESSION['imgArrayFile'][$index]["type"] == "image/gif")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/jpeg")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/jpg")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/pjpeg")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/x-png")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/png"))
&& ($_SESSION['imgArrayFile'][$index]["size"] < 104857600)
&& in_array($extension, $allowedExts))
{
if(isset($_SESSION['imgArrayName'][$index]) && $_SESSION['imgArrayName'][$index]!=""){
$rename = $_SESSION['imgArrayName'][$index];
$rename = $rename.".".end($temp);
}
if ($_SESSION['imgArrayFile'][$index]["error"] > 0)
{
echo "Return Error Code: " . $_SESSION['imgArrayFile'][$index]["error"] . "<br>";
}
else
{
$size = display_filesize($_SESSION['imgArrayFile'][$index]["size"]);
echo "Upload: " . $_SESSION['imgArrayFile'][$index]["name"] . "<br>";
echo "Type: " . $_SESSION['imgArrayFile'][$index]["type"] . "<br>";
echo "Size: " . ($size) . "<br>";
echo "Temp file: " . $_SESSION['imgArrayFile'][$index]["tmp_name"] . "<br>";
if (file_exists($galery_img_folder."/".$rename))
{
$error[] = ''.$rename.' <span class="error" id="error"> this name exsists </span>';
}
else
{
$_FILES["file"]["tmp_name"]=$_SESSION['imgArrayFile'][$index]["tmp_name"];
move_uploaded_file($_FILES["file"]["tmp_name"], $galery_img_folder."/".$rename);
//now make use of the file_get_content variables
$file= $galery_img_folder."/".$rename;
$fp=fopen($file,"w");
fwrite($fp,$_SESSION['obj_image_session'][$index]);
}
}
}
}
else
{
$error[] = '<span class="error" id="error"> Niewłaściwy plik </span>';
$maxsixe = display_filesize(104857600);
echo "Size: " . ($maxsixe) . "<br>";
}
}
}//end foreach ! ! !
}//end dodawanie zdjecia
?>
Of course you will have to make some small modifications to make it work with your project, but my point was to show you that it's possible.
Have a great day and happy coding !
Related
I recently noticed on my website that users weren't able to upload profile pictures on mobile. So I copied all of the required HTML and PHP code from the root directory. The location where the profile pictures are moved was also modified so the pictures get uploaded to the right place. Now when I test it out and try to upload a profile picture using Safari for iOS, I get this error:
Warning: getimagesize() [function.getimagesize]: Filename cannot be empty in /home5/bobcatss/public_html/mobile/profile.propic.php on line 18
Here is the form the user submits:
<div class="propic"><form method="post" action="profile.propic.php" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Upload a profile picture <br><input name="file" type="file" id="file"/><br>
<input type="submit" value="Upload">
</form></div>
And this is the script that processes the image:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include("../config.php");
session_start();
// Where the file is going to be placed
$target_path = "../propics/";
$filename = $_FILES["file"]["name"];
$limit_size=100000;
$temp = explode(".", $filename);
$extension = end($temp);
$info = getimagesize($_FILES["file"]["tmp_name"]); //Line 18
$allowed_types = array(IMG_GIF, IMG_JPEG, IMG_PNG, IMG_JPG);
if (in_array($info[2], $allowed_types))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
exit;
}
else
{
if (file_exists("../propics/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"../propics/" . $_FILES["file"]["name"]);
try {
//insert into database
$stmt = $db->prepare('UPDATE users SET propic = :propic WHERE username = :username') ;
$stmt->execute(array(
':propic' => $filename,
':username' => $_SESSION["USER"]
));
//redirect to profile page
header("Location: profile.php?msg=Profile picture upload complete");
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
}
else
{
echo "Invalid file";
}
?>
I emailed the image to myself and tried uploading it from my laptop but it gave me the same error.
I know this is old but this has just happened to me as well and I have bumped into this trying to figure out what happened. If you were using 3G connection the request may have taken longer than MAX_REQUEST_TIMEOUT so it probably failed ( duplicate here )
//uploadForm.html
<html>
<body>
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="browseFile">Filename : </label>
<input type="file" name="file" id="browseFile"><br>
<input type="submit" name="submit" value="Submit">
</body>
</html>
//upload_file.php
<?php
$allowedExt = array("png","jpg");
$temp = explode(".",$_FILES["file"]["name"]);
$extension = end($temp);
echo "uploading...";
if((($_FILES["file"]["type"]=="image/png") || ($_FILES["file"]["type"]=="image/jpg")) && ($_FILES["file"]["size"] < 1000000))
{
echo "success";
if($_FILES["file"]["error"] > 0)
{
echo "error in uploading" . $_FILES["file"]["error"]."<br>";
}
else
{
echo "<p>uploaded successfully</p>";
}
}
else
echo "invalid file" ;
echo $_FILES["file"]["name"]."stored in ".$_FILES["file"]["tmp_name"]."<br>";
move_uploaded_file($_FILES["file"]["tmp_name"],"uploads/".$_FILES["file"]["name"]);
echo "moved Successfully";
?>
When I try to echo the temp directory name , it is blank . The uploaded files are missing .
I dont get it in the MAMP/htdocs folder neither in /tmp/ directory .
I dont have uploads directory in /MAMP/htdocs/ .Wont the program create a directory if it does not exist ?
In your final instructions, you have $_FILES['name']['tmp_name'] instead of $_FILES['file']['tmp_name'].
By the way, you have a few errors in your script:
Even if someone uploads an invalid file, you show them an error message, but you still move it to the final place.
$_FILES["file"]["type"] is a value sent by the browser (ie: the client). A malicious attacker may sent you any kind of file and disguise it as a image/png, and you are trusting it. You cannot trust this value. Instead, you could use getimagesize, which returns you an array that has the mime type of the image (and is detected by the server (ie: by you). To detect the mime-type of non-images, you can use FileInfo, concretely finfo_file.
Also, the php script will not create your uploads folder if it does not exist, and instead will show an error (and do nothing). You must create this folder first, and make sure that the user running your php script (usually the same that is running your http server) has write permissions on that directory.
edit: You don't see any uploaded file in your temp directory because (quoting http://www.php.net/manual/en/features.file-upload.post-method.php):
The file will be deleted from the temporary directory at the end of
the request if it has not been moved away or renamed.
$allowedExt = array("png","jpg");
echo $temp = explode(".",$_FILES["file"]["name"]);
$extension = end($temp);
echo "uploading...";
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
$_FILES["name"]["tmp_name"] does not exist, it should be $_FILES["file"]["tmp_name"]
I'm pretty new in PHP (don't have much HTML experience, too) and I have a question. I have a file upload system which consists of two PHP scripts (see below). In the file upload form a user selects file, saving folder and then uploads. Saving location can be chosen from a drop-down menu which consists of folders in uploading directory. But there's another option in the drop-down menu. If the user chooses the option other then a new field comes up (it's done by JavaScript) and the user can insert location manually (for example, a directory doesn't exist and the user wants to make a new one).
But here's a problem: if the user chooses a folder which is predefined everything is OK, but if the user writes a directory name to the field then only folder called folder will be created. For example, if the user wants to upload a picture about a flower and no folder called flower exists then the user chooses other and writes flower into the box. Then upload button is clicked and basically PHP should make a new folder called flower and upload the picture there. But at the moment, PHP makes a folder called folder and for some reason the picture is not uploaded there (it's uploaded nowhere).
My problems with the script:
A new folder won't be created. I think it's because I have two values called "folder" but I don't know how to get it work that if "other" is selected then PHP only looks the last value.
Even if the folder is created then a file won't be uploaded there for some reason.
I would be really grateful if anyone finds the solution for my problem and helps me to fix it. And don't hesitate to ask for extra information because my English isn't the best and because of this some things can't be understood.
Thanks in advance!
1st file: file-upload.php:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
<script language="JavaScript" type="text/javascript">
<!--
function Toggle(obj){
var val=obj.value;
if (!obj.m){ obj.m=''; }
if (!obj.m.match(val)){ obj.m+=','+val+','; }
var hide=obj.m.split(',');
for (var zxc0=0;zxc0<hide.length;zxc0++){
if (document.getElementById(hide[zxc0])){
document.getElementById(hide[zxc0]).style.display='none';
}
}
var show=val.split(',');
for (var zxc1=0;zxc1<show.length;zxc1++){
if (document.getElementById(show[zxc1])){
document.getElementById(show[zxc1]).style.display='';
}
}
}
//-->
</script>
</head>
<body>
<h1>Upload</h1>
<form action="upload.php" method="post"
enctype="multipart/form-data"><br>
<label for="file">File:</label>
<input type="file" name="file" id="file" />
<br>
Tüüp: <select name="folder" value="folder" onchange="Toggle(this);">
<?php
foreach(glob('/uploadfolder/*', GLOB_ONLYDIR) as $dir)
{
$dir = basename($dir);
echo '<option value="', $dir, '">', $dir, '</option>';
}
?>
<option value="folder">other</option>
</select><br>
<input id="folder" value="Create a new folder" style="display:none;">
<input type="submit" name="submit" value="Upload" />
</form>
</body>
</html>
2nd file: upload.php:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
</head>
<body>
<h1>Upload</h1>
<br>
<?php
$dirname = $folder = $_POST["folder"];
$filename = "/uploadfolder/" . "$dirname" . "/";
if (!file_exists($filename)) {
mkdir("/uploadfolder/" . "$dirname", 0777);
}
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "application/vnd.openxmlformats- officedocument.spreadsheetml.sheet"))
&& ($_FILES["file"]["size"] < 5120000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Name: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Tmp. file: " . $_FILES["file"]["tmp_name"] . "<br />";
echo "Folder: " . $folder . "<br />";
if (file_exists("/uploadfolder/$folder/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"/uploadfolder/$folder/" . $_FILES["file"]["name"]);
echo "Saved: " . "" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Upload failed";
}
?>
</body>
</html>
Do the Following Steps
In file-upload.php, add a name attribute to the text field for the new folder name . Let it be like this,
<input id="folder" value="Create a new folder" name="newfolder" style="display:none;">
Now in the upload.php file make changes as below,
$dirname = $_POST["folder"];
$filename = ("./uploadfolder/" . "$dirname" . "/");
if($dirname=="folder"){$dirname=$_POST["newfolder"];}
if (!file_exists($filename)) {
mkdir("./uploadfolder/" . "$dirname", 0777);
}
Use $dirname as the folder name through out. So replace $folder with $dirname
Another thing is, if upload is still not working fine, just use "./uploadfolder/$folder/" as base path. Also Give 777 permissions to your workspace. You may use the following command,
chmod -R 777 <path_to_uploadfolder>
As mentioned by other SOF users, remove exit; from the file exist check in the beginning.
Hope you have the answer ! :)
at the moment PHP makes a folder called "folder" and for some reason the picture IS NOT even uploaded there
That's because you have an exit; in the following excerpt from the second file:
<?php
$dirname = $_POST["folder"];
$filename = ("/uploadfolder/" . "$dirname" . "/");
if (!file_exists($filename)) {
mkdir("/uploadfolder/" . "$dirname", 0777);
exit;
} else {
}
?>
As a result, the script quits as soon as the folder is created.
There are multiple security problems with your script but I won't bother getting into them because this is not the place for security lessons :)
The line exit after the mkdir will cause the script to stop executing. If you want to create the folder then continue on to the file upload, you need to remove the exit statement. You can also remove the else portion of that if, since it's empty ...
$dirname = $folder = $_POST["folder"];
$filename = "/uploadfolder/" . "$dirname" . "/";
if (!file_exists($filename)) {
mkdir("/uploadfolder/" . "$dirname", 0777);
}
if ((($_FILES["file"]["type"] == "image/gif")
...
I am encountering a strange problem with my script which I am testing to upload PDF files. I can sucessfully upload some pdf files while not the other files, even though they are all pdfs and have .pdf as extension. Can anyone throw some light on this after going thtough my code
HTML PART:
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="file" name="upload" /><br />
<input type="submit" name="submit">
PHP PART:
if(isset($_POST['submit'])){
$output_form = 0;
if (($_FILES["upload"]["type"] == "application/pdf")
&& ($_FILES["upload"]["size"] < 80000)){
if (file_exists("upload/" . $_FILES["upload"]["name"]))
{
echo $_FILES["upload"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["upload"]["tmp_name"],
"upload/" . $_FILES["upload"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["upload"]["name"];
}
}else{
echo 'Invalid File';
}
}
For some files I am getting the output, stored in output. For the others I am getting the message 'Invalid File'.
Thanks
your code above seems to have a condition that if the filesize is greater than 80000 then it should throw the 'Invalid file' error? What size are the ones that fail? I'd be willing to bet if you comment out that condition it'll work
Had the same issues.
Found that the file type could also be application/x-octet-stream
So you need to check for that in the same statement that you are checking the file size.
Something like this:
if (($_FILES['pdfUpload']['type'] == "application/pdf")
|| ($_FILES['pdfUpload']['type'] == "application/x-octet-stream")
&& ($_FILES['pdfUpload']['size'] < 9000000)) //Much larger and we get a timeout during transfer
My 2 cents worth
I have this script for uploading a image and content from a form, it works in one project but not the other. I have spent a good few hours trying to debug it, I am hoping someone could point out the issue I might be having. Where there are comments is where I have tried to debug. The first error I got was the "echo invalid file" at the beginning of the last comment. With these specific areas commented out the upload name and type that I am supposed to be grabbing from the form is not being echoed, I am thinking this is where the error is occurring, but can't quite seem to find it. Thanks.
<?php
include("../includes/connect.php");
/*
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 2000000))
{
*/
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
/* GRAB FORM DATA */
$title = $_POST['title'];
$date = $_POST['date'];
$content = $_POST['content'];
$imageName1 = $_FILES["file"]["name"];
echo $title;
echo "<br/>";
echo $date;
echo "<br/>";
echo $content;
echo "<br/>";
echo $imageName1;
$sql = "INSERT INTO blog (title,date,content,image)VALUES(
\"$title\",
\"$date\",
\"$content\",
\"$imageName1\"
)";
$results = mysql_query($sql)or die(mysql_error());
echo "<br/>";
if (file_exists("../images/blog/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"../images/blog/" . $_FILES["file"]["name"]);
echo "Stored in: " . "../images/blog/" . $_FILES["file"]["name"];
}
}
/*
}
else
{
echo "Invalid file" . "<br/>";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
}
*/
//lets create a thumbnail of this uploaded image.
/*
$fileName = $_FILES["file"]["name"];
createThumb($fileName,310,"../images/blog/thumbs/");
function createThumb($thisFileName, $thisThumbWidth, $thisThumbDest){
$thisOriginalFilePath = "../images/blog/". $thisFileName;
list($width, $height) = getimagesize($thisOriginalFilePath);
$imgRatio =$width/$height;
$thisThumbHeight = $thisThumbWidth/$imgRatio;
$thumb = imagecreatetruecolor($thisThumbWidth,$thisThumbHeight);
$source = imagecreatefromjpeg($thisOriginalFilePath);
imagecopyresampled($thumb, $source, 0, 0, 0, 0, $thisThumbWidth,$thisThumbHeight, $width, $height);
$newFileName = $thisThumbDest.$thisFileName;
imagejpeg($thumb,$newFileName, 80);
echo "<p><img src=\"$newFileName\" /></p>";
//header("location: http://www.google.ca");
}
*/
?>
Perhaps you forgot to add enctype="multipart/form-data" method="post" to your HTML form, or have no <input type="file" name="file" id="file" value=""/> in your HTML.
Here's some problems with your script:
The 'error' value in the $_FILES array is not just a boolean, it will tell you if an upload succeeded, or why it failed. The error codes are defined here.
The 'type' value is supplied by the remote client. It's NOT determined by the web server or PHP. As such, doing mime-type verification based on that value is a major hole: it's trivial to forge the supplied type value. Best to use a server-side method, like fileinfo, to determine the actual mime type.
You blindly insert the form data into your insertion query, which leaves you wide open to SQL injection attacks. At least pass the data through mysql_real_escape_string() before building your query, or better yet, use PDO and parameterized queries
You're storing the files with the original client-provided name. You at least check if the filename's already in use, preventing upload collisions/overwriting, but there's also the case where the client's operating system/file system allows characters in filenames that the server's OS/FS do not, which could lead to subtle file "vanished" bugs, or overwriting entirely different files because the invalid characters were filtered out or translated to something else. Since you're using a database to store information about the upload, you can store the original filename in that table, and use the table's primary key (an auto_increment int, right?) as the filename.
Not really a problem, but in terms of efficiency, there's no need to use getimagesize() in your thumb creation function. GD has imagesx() and imagesy() which get the pixel size from a GD image handle. getimagesize() is independent of GD, so you're opening and parsing the source image twice. Again, it's not really a problem, but on a busy site, opening the image only once could be a decent cpu time and memory usage savings.
The error was in the html form file, I had added a name="something" beside the method="post" and enctype="multi/form-data" obviously this was not liked. Thanks RC for pointing me in the right direction. I am not quite sure why I did this.
$_FILES["file"]["error"] is not just a flag.
It has error codes.
Explained in the manual