I have a standard multipart/enc form to allow users to upload files.
Pseudocode:
//call function to insert file details into the database
if( NOT file upload attack, wrong file type, etc.){
//copy the file to the permanaent location
}
else{
//delete the record of file
Why don't you just do the sql insert *after* the file upload function?:
Pseudocode:
if( NOT file upload attack, wrong file type, etc.){
//copy the file to the permanaent location
//call function to insert file details into the database
}
else{
//echo error to user
