Image upload help

<?php   
include('../include/dbconnect.php');
include('../include/auth.inc.php'); $redirect =  ('../index.php');
$query = 'SELECT user_id, username FROM users_credits WHERE username = "' . mysql_real_escape_string($_SESSION['username'], $conn) . '"';          $result = mysql_query($query, $conn) or die(mysql_error($conn));  $row = mysql_fetch_array($result); extract($row); mysql_free_result($result);   // get data that sent from form $cat=$_POST['cat']; $os=$_POST['os']; $ram=$_POST['ram']; $graphics=$_POST['graphics']; $harddrive=$_POST['harddrive']; $detail=$_POST['detail'];  $datetime=date("d/m/y h:i:s"); //create date time  $query="INSERT INTO forum_question (id, user_id, cat, os, ram, graphics, harddrive, detail, username, datetime)  VALUES('', '$user_id', '$cat', '$os', '$ram', '$graphics', '$harddrive', '$detail', '$username', '$datetime')"; mysql_query($query) or die('Error, insert query failed');  $post_no = mysql_insert_id();   //change this path to match your images directory $dir ='../forum/screens';  //make sure the uploaded file transfer was successful if ($_FILES['uploadfile']['error'] != UPLOAD_ERR_OK) { switch ($_FILES['uploadfile']['error']) { case UPLOAD_ERR_INI_SIZE: die('The uploaded file exceeds the upload_max_filesize directive ' . 'allowed'); break; case UPLOAD_ERR_FORM_SIZE: die('The uploaded file exceeds the MAX_FILE_SIZE directive that ' . 'was specified in the HTML form.'); break; case UPLOAD_ERR_PARTIAL: die('The uploaded file was only partially uploaded.'); break; case UPLOAD_ERR_NO_FILE: die('No file was uploaded.'); break; case UPLOAD_ERR_NO_TMP_DIR: die('The server is missing a temporary folder.'); break; case UPLOAD_ERR_CANT_WRITE: die('The server failed to write the uploaded file to disk.'); break; case UPLOAD_ERR_EXTENSION: die('File upload stopped by extension.'); break; } }  //get info about the image being uploaded $image_caption = $_POST['caption']; $image_user_id = $user_id; $image_username = $username; $image_date = date('Y-m-d'); list($width, $height, $type, $attr) = getimagesize($_FILES['uploadfile']['tmp_name']);  // make sure the uploaded file is really a supported image switch ($type) { case IMAGETYPE_GIF: $image = imagecreatefromgif($_FILES['uploadfile']['tmp_name']) or die('The file you uploaded was not a supported filetype.'); $ext = '.gif'; break; case IMAGETYPE_JPEG: $image = imagecreatefromjpeg($_FILES['uploadfile']['tmp_name']) or die('The file you uploaded was not a supported filetype.'); $ext = '.jpg'; break; case IMAGETYPE_PNG: $image = imagecreatefrompng($_FILES['uploadfile']['tmp_name']) or die('The file you uploaded was not a supported filetype.'); $ext = '.png'; break; default: die('The file you uploaded was not a supported filetype.'); }  //insert information into image table $query = 'INSERT INTO images (image_caption, image_user_id, image_date, post_no) VALUES  ("' . $image_caption . '", "' . $image_user_id . '", "' . $image_date .'", "' . $post_no . '")'; $result = mysql_query($query, $conn) or die (mysql_error($conn)); //retrieve the image_id that MySQL generated automatically when we inserted //the new record $last_id = mysql_insert_id(); //because the id is unique, we can use it as the image name as well to make //sure we don't overwrite another image that already exists $imagename = $last_id . $ext; // update the image table now that the final filename is known. $query = 'UPDATE images SET image_filename = "' . $imagename . '" WHERE image_id = ' . $last_id; $result = mysql_query($query, $conn) or die (mysql_error($conn)); //save the image to its final destination switch ($type) { case IMAGETYPE_GIF: imagegif($image, $dir . '/' . $imagename); break; case IMAGETYPE_JPEG: imagejpeg($image, $dir . '/' . $imagename, 100); break; case IMAGETYPE_PNG: imagepng($image, $dir . '/' . $imagename); break; } imagedestroy($image);  $query = "UPDATE users_credits SET credits = credits - 1 WHERE username = '$username'"; mysql_query($query) or die('Error, insert query failed');  header('Location: ../index.php'); ?>