Could some please take a look at my code and see if there is anything wrong. It's probably something really easy which I am missing because I have been looking at this for an hour now.
Manage-company.php
<?php $result = mysql_query("SELECT rank FROM users"); $row = mysql_fetch_array($result); if ($row['rank'] == 3) { echo " <h2 class='form-title'>Manage Company</h2> <p>Please make sure you fill out company name or you won't be able to add a company.</p> <form target='add-company.php' method='POST' enctype='multipart/form-data'> <div class='form'> <div class='row'> <div class='col'>Company Name:*</div> <div class='col'><input type='text' name='company-name' /></div> </div> <div class='row'> <div class='col'>Website Link:</div> <div class='col'><input type='text' name='website-link' /></div> </div> <div class='row'> <div class='col'>Phone Number 1:</div> <div class='col'><input type='text' name='phone-number1' /></div> </div> <div class='row'> <div class='col'>Phone Number 2:</div> <div class='col'><input type='text' name='phone-number2' /></div> </div> <div class='row'> <div class='col'>Company Email:</div> <div class='col'><input type='text' name='company-email' /></div> </div> <div class='row'> <div class='col'>VAT Number:</div> <div class='col'><input type='text' name='company-vatnumber' /></div> </div> <div class='row'> <div class='col'>Registered Address:</div> <div class='col'><input type='text' name='company-address' /></div> </div> <div class='row'> <div class='col'>Username:</div> <div class='col'><input type='text' name='company-username' /></div> </div> <div class='row'> <div class='col'>Password:</div> <div class='col'><input type='text' name='company-password' /></div> </div> <div class='row'> <div class='col'>Company Description:</div> <div class='col'><input type='text' name='company-description' /></div> </div> <div class='row'> <div class='col'>Company Testimonial:</div> <div class='col'><input type='file' name='company-testimonial' id='company-testimonial' /></div> </div> </div> <input type='submit' name='submit' style='margin: 5px auto;' /> </form> "; } else { echo 'You do not have access!'; } ?>Add-company.php
<?php include('core/init.inc.php'); $dir = 'uploads/pdf'; $allowed = array('application/pdf'); $file_name = $_FILES['file']['name']; $file_type = $_FILES['file']['type']; if (in_array($file_type, $allowed) && $file_size < 7000000) { move_uploaded_file($_FILES["file"]["tmp_name"], "$dir/" . $file_name); $company_name = mysql_real_escape_string($company_name); $website_link = mysql_real_escape_string($website_link); $phone_number1 = mysql_real_escape_string($phone_number1); $phone_number2 = mysql_real_escape_string($phone_number2); $company_email = mysql_real_escape_string($company_email); $company_vatnumber = mysql_real_escape_string($company_vatnumber); $company_address = mysql_real_escape_string($company_address); $company_username = mysql_real_escape_string($company_username); $company_password = mysql_real_escape_string($company_password); $company_description = mysql_real_escape_string($company_description); $company_testimonial = mysql_real_escape_string($company_testimonial); mysql_query("INSERT INTO `company` (`company_name`, `website_link`, `phone_number1`, `phone_number2`, `company_email`, `company_vatnumber`, `company_address`, `company_username`, `company_password`, `company_description`, `company_testimonial`) VALUES ('{$company_name}', '{$website_link}', '{$phone_number1}', '{$phone_number2}', '{$company_email}', '{$company_vatnumber}', '{$company_address}', '{$company_username}', '{$company_password}', '{$company_description}', '{$company_testimonial}')"); echo 'test'; } else { echo "Invalid file"; } ?>