Php file upload issue

Hey I was hoping someone could point me in the right direction with this issue. I am using the script from Kevin’s book, Building a Database Driven Web site using Php and Mysql. The script works fine, but when it stores the file in the database it stores the entire binary data of the file not just the file name. I have the file being copied to an upload folder so I only need the file name in the database file. It would simplify the database to only have the file name listed as a reference to retrieve the file by. Here is the code


 $dbcnx = @mysql_connect('localhost', 'xxxxxxxx, 'xxxxxx');
 	if (!$dbcnx) {
		exit('<p>Unable to connect to the' . 'database server at this time.</p>');
	if (!@mysql_select_db('xxxxxxxx')) {
		exit('<p>Unable to locate the ' . 'database at this time.</p>');
	if (isset($_GET['action'])) {
		$action = $_GET['action'];
		$action = '';
if (isset($_FILES['upload']))
if (preg_match('/^image\\/p?jpeg$/i', $_FILES['upload']['type']) or 
   preg_match('/^image\\/gif$/i', $_FILES['upload']['type']) or 
   preg_match('/^image\\/(x-)?png$/i', $_FILES['upload']['type'])) 
 // Handle the file… 
 exit('Please submit a JPEG, GIF, or PNG image file.'); 
if (($action == 'view' or $action == 'dnld') and 
	isset($_GET['id'])) {
	$id = $_GET['id'];
//user is retrieving file
$sql = "SELECT filename, mimetype, filedata
	FROM filestore WHERE id = $id";
	$result = @mysql_query($sql);
if (!$result) {
	exit('Database error: ' . mysql_error());	
$file = mysql_fetch_array($result);
	if (!$file) {
	  exit ('File with given ID not found in database!' . $sql);
	 $filename = $file['filename'];
	 $mimetype = $file['mimetype'];
	 $filedata = $file['filedata'];
	 $disposition = 'inline';
if ($action == 'dnld') {
	$disposition = 'attachment';
	if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 5') or
		strpos($_SERVER['HTTP_USER_AGENT'], 'Opera 7')) {
		$mimetype = 'application/x-download';
header("content-disposition: $disposition; filename=$filename");
header("content-type: $mimetype");
header('content-length: ' . strlen($filedata));

echo $filedata;
} elseif ($action == 'del' and isset($_GET['id'])) {
	$id = $_GET['id'];
//user is deleting a file
$sql = "DELETE FROM filestore WHERE id = '$id'";
$ok = @mysql_query($sql);
if (!$ok) {
	exit('Database error: ' . mysql_error());
	header('location: ' . $_SERVER['PHP_SELF']);
} elseif (isset($_FILES['upload'])) {
	//bail out if the file isn't really an upload
	if (!is_uploaded_file($_FILES['upload']['tmp_name'])) {
	exit('There was no file uploaded!');

//Pick a file extension
if (preg_match('/^image\\/p?jpeg$/i', 
	$_FILES['upload']['type'])) {
	$extension = '.jpg';} 
if (preg_match('/^image\\/gif$/i', $_FILES['upload']['type'])) {
	$extension = '.gif';}
if (preg_match('/^image\\/(x-)?png$/i', $_FILES['upload']['type'])) {
	$extension = '.png';

//complete path and file name 
$filename = '/home/xxxxxxxx/public_html/Uploads/' . time() . $_SERVER['REMOTE_ADDR'] . $extension;
//Copy the file into "Uploads"
if (is_uploaded_file($_FILES['upload']['tmp_name']) and 
	copy($_FILES['upload']['tmp_name'], $filename)) {
        } else {
	echo "<p>Could not save file as $filename!</p>";
$uploadfile = $_FILES['upload']['tmp_name'];
$uploadname = $_FILES['upload']['name'];
$uploadtype = $_FILES['upload']['type'];
$uploaddesc = $_POST['desc'];
$uploadfirstname = $_POST['firstname'];
//$uploadlastname = $_POST['lastname'];
$uploadstreet = $_POST['street'];
$uploadcity = $_POST['city'];
$uploadstate = $_POST['state'];
$uploadzip = $_POST['zip'];

//open file for binary reading ('rb')
$tempfile = fopen($uploadfile, 'rb');

//read the entire file into memory using PHP's
//filesize function to get the file size
$filedata = fread($tempfile, filesize($uploadfile));

//prepare for database insert by adding backslashes
//before special characters.
$filedata = addslashes($filedata);

//copy file into upload directory.
$tempfile = copy($tmp_name, $filename);

//create the sql query	
$sql = "INSERT INTO filestore SET
	filename = '$uploadname',
	mimetype = '$uploadtype',
	description = '$filename',
	filedata = '$filedata',
	firstname = '$uploadfirstname',
	street = '$uploadstreet',
	city = '$uploadcity',
	state = '$uploadstate',
	zip = '$uploadzip'";

//perform the insert
$ok = @mysql_query($sql);
	if (!$ok) {
	exit('Database error storing file: ' . mysql_error());
	header('location: ' . $_SERVER['PHP_SELF']);
//default page view: list stored files
$sql = 'SELECT id, filename, mimetype, description, firstname
	FROM filestore';
$filelist = @mysql_query($sql);
if (!$filelist) {
	exit('Database error: ' . mysql_error());


if (isset($_POST['address'])):
	$firstname = $_POST['firstname'];
	//$lastname = $_POST['lastname'];
	$street = $_POST['street'];
	$city = $_POST['city'];
	$state = $_POST['state'];
	$zip = $_POST['zip'];
	$stock = $_POST['stock'];

$sql = "INSERT filestore SET
	firstname = '$firstname',
	street = '$street',
	city = '$city',
	state = '$state',
	zip = '$zip',
	selected_radio = '$stock'";
	if (mysql_query($sql)) {
	echo '<p>Error adding information ' . mysql_error() . '</p>';
<?php endif; ?>
				<tr><td><?php header('Location:;?></td>
					<th>File name</th>
				if (mysql_num_rows($filelist) > 0) {
				  while ($f = mysql_fetch_array($filelist)) {
				<tr valign="top">
						<a href="<?php echo $_SERVER['PHP_SELF'];
						?>?action=view&amp;id=<?php echo $f['id']; ?>">
                        <?php echo $f['filename']; ?></a>
                        <td><?php echo $f['mimetype']; ?></td>
                        <td><?php echo $f['description']; ?></td>
                        [<a href="<?php echo $_SERVER['PHP_SELF'];
						?>?action=dnld&amp;id=<?php echo $f['id']; ?>"
                        >Download</a> | 
                        <a href="<?php echo $_SERVER['PHP_SELF'];
						?>?action=del&amp;id=<?php echo $f['id']; ?>"
                        onclick="return confirm('Delete this file?');"
} else {
	<tr><td colspan="3">No Files!</td></tr>


I think it may be in the “read entire file into memory” part but before I commented it out and messed up I thought I would ask about it. Also if I comment out this line will the file still be uploaded and saved in the upload folder? Thanks much for the help.