<tr> 
    <td valign="top">Profile Image</td> 
    <td> 
      <?php list(list($current_user_with_uploads),) = getRecords(array('tableName' => 'accounts', 'where' => mysql_escapef('num = ?', $CURRENT_USER['num']), 'allowSearch' => false)); ?> 
      <?php if (sizeof(@$current_user_with_uploads['profile_image'])): 
        $upload = $current_user_with_uploads['profile_image'][0] ?> 
        <a href="<?php echo $upload['urlPath'] ?>"> 
          <img src="<?php echo $upload['thumbUrlPath'] ?>" width="<?php echo $upload['thumbWidth'] ?>" height="<?php echo $upload['thumbHeight'] ?>" alt="" /><br/> 
        </a> 
      <?php else: ?> 
        No image uploaded<br /> 
      <?php endif ?> 
      Upload: <input type="file" name="profile_image"> 
    </td> 
   </tr>

    // upload 'profile_image' if supplied 
    $uploadFieldName = 'profile_image'; 
    $uploadInfo = @$_FILES[$uploadFieldName]; 
    if ($uploadInfo && !$errorsAndAlerts) { 
       
      /// attempt to save the upload 
      $errors = saveUpload('accounts', $uploadFieldName, $CURRENT_USER['num'], null, $uploadInfo, $newUploadNums); 
       
      /// check for errors 
      if ($errors) { 
        $errorsAndAlerts .= "There was a problem with your upload: $errors<br/>\n"; 
      } 
      else { 
       
        /// if the upload was successful, delete any other uploads associated with that record and field (so users only ever have 1 profile image) 
        global $TABLE_PREFIX; 
       
        // create query 
        $where  = mysql_escapef(" WHERE tableName = 'accounts' AND recordNum = ? AND num != ?", $CURRENT_USER['num'], $newUploadNums[0]); 
       
        // remove upload files 
        $query  = "SELECT * FROM `{$TABLE_PREFIX}uploads` $where"; 
        $result = mysql_query($query) or die("MySQL Error: ". htmlspecialchars(mysql_error()) . "\n"); 
        while ($row = mysql_fetch_assoc($result)) { 
          $files = array($row['filePath'], $row['thumbFilePath'], @$row['thumbFilePath2'], @$row['thumbFilePath3'], @$row['thumbFilePath4']); 
          foreach ($files as $filepath) { 
            if (!$filepath || !file_exists($filepath) || @unlink($filepath)) { continue; } 
       
            //$error  = "Unable to remove file '" .htmlspecialchars($filepath). "'\n\n"; 
            //$error .= "Please ask your server administrator to check permissions on that file and directory.\n\n"; 
            //$error .= "The PHP error message was: $php_errormsg\n"; 
            //die($error); 
          } 
        } 
        if (is_resource($result)) { mysql_free_result($result); } 
       
        // remove upload records 
        mysql_query("DELETE FROM `{$TABLE_PREFIX}uploads` $where") or die("MySQL Error: ". htmlspecialchars(mysql_error()) . "\n"); 
      } 
     
    }

function removeUpload($uploadNum) { 
  $where = mysql_escapef('num = ?', $uploadNum); 
   
  // remove upload files 
  $row = mysql_query_fetch_row_assoc("SELECT * FROM `{$TABLE_PREFIX}uploads` $where"); 
  $files = array($row['filePath'], $row['thumbFilePath'], @$row['thumbFilePath2'], @$row['thumbFilePath3'], @$row['thumbFilePath4']); 
  foreach ($files as $filepath) { 
    if (!$filepath || !file_exists($filepath) || @unlink($filepath)) { continue; } 
 
    //$error  = "Unable to remove file '" .htmlspecialchars($filepath). "'\n\n"; 
    //$error .= "Please ask your server administrator to check permissions on that file and directory.\n\n"; 
    //$error .= "The PHP error message was: $php_errormsg\n"; 
    //die($error); 
  } 
 
  // remove upload record 
  mysql_query("DELETE FROM `{$TABLE_PREFIX}uploads` $where") or die("MySQL Error: ". htmlspecialchars(mysql_error()) . "\n"); 
}

 $name_of_uploaded_file =basename($_FILES['photo']['name']); 
//get the file extension of the file 
$type_of_uploaded_file =substr($name_of_uploaded_file,strrpos($name_of_uploaded_file, '.') + 1); 
//get the size of the file		  
$size_of_uploaded_file =$_FILES["photo"]["size"]/1024;//size in KBs 
			 
//copy the temp. uploaded file to attachdoc folder 
		$upload_folder='photo/'; 
		$path_of_uploaded_file = $upload_folder . $name_of_uploaded_file; 
 
//echo 'path_of_uploaded_file'.$path_of_uploaded_file; 
		 
$tmp_path = $_FILES["photo"]["tmp_name"]; 
		  
if(is_uploaded_file($tmp_path)) 
		{ 
copy($tmp_path,$path_of_uploaded_file); 
		  if(!copy($tmp_path,$path_of_uploaded_file)) 
		  { 
			$errors .= '\n error while copying the uploaded file'; 
		  } 
		}

      $userNum = mysql_insert_id(); 
 
     saveUploadFromFilepath('customer_uploads', 'image', $userNum, '123456789' , $path_of_uploaded_file); 

/load records 
 list($customer_uploadsRecords, $customer_uploadsMetaData) = getRecords(array( 
    'tableName'   => 'customer_uploads', 
 )); 
   
  mysql_query("UPDATE `{$TABLE_PREFIX}customer_uploads` SET 
	 
 	     			  email             = '".$email."', 
					  first_name 	            = '".$first_name."', 
					  last_name 	            = '".$last_name1."', 
					  street_address           = '".$street_address."', 
					  city              = '".$city."', 
					  state             = '".$state."', 
				      zip               = '".$zip."', 
					  
					  sales_id			= '".$sales_id."', 
					  createdDate       = NOW(), 
                      updatedDate       = NOW(), 
                      createdByUserNum  = '0', 
                      updatedByUserNum  = '0' 
					    WHERE activation_code = '".mysql_escape($activation_code)."'")   
      or die("MySQL Error updating Record:<br/>\n". htmlspecialchars(mysql_error()) . "\n"); 
      $userNum = mysql_insert_id(); 
     @saveUploadFromFilepath('customer_uploads', 'uploads', $userNum, '123456789' , $path_of_uploaded_file);  
$errors='Thank You<br /><br />Your Portrait Order Has Been Successfully Placed.'; 
} 
 
?>

  $customerUploadRecords = mysql_select("customer_upload", "activation_code = '".mysql_escape($activation_code)."'"); 
   
  foreach ($customerUploadRecords as $record) { 
    @saveUploadFromFilepath('customer_uploads', 'uploads', $record['num'], '123456789' , $path_of_uploaded_file); 
  }

<?php if (!$customer_uploadsRecords): ?> 
     <span class="body-text-11">We're sorry.<br /><br />Activation Code "<?php echo @$activation_code; ?>" wasn't found in our system.<br /><br />Please check the number you entered, and then click <a href="upload.php">HERE</a> to try again, or <a href="contact.php">HERE</a> to contact customer support. <br/><br/></span><?php else: ?> 
 <?php foreach ($customer_uploadsRecords as $record): ?> 
<?php if (sizeof($record['uploads']) >= 1): ?><span class="body-text-bold-11">There's already an image uploaded for the order with Activation Code, "<?php echo @$activation_code; ?>".<br /><br />Sorry, you can't upload a second image.<br /><br />Click <a href="purchase.php">HERE</a> to place a new order, or <a href="contact.php">HERE</a> to contact customer support.</span> 
 
 
 <?php else: ?> 
              <span class="body-text-bold-11"><?php echo @$errors;?></span><br /> 
              <span class="body-text-11"><?php echo $common_informationRecord['image_upload_confirmation_page_text'] ?></span><br /> 
              <span class="body-text-11"><?php if (@$name_of_uploaded_file): ?><br />Uploaded Image File Name: "<?php echo @$name_of_uploaded_file; ?>"<?php else: ?><br />No Image was uploaded with this order.<?php endif ?> 
               
              </span></p> 
                <span class="body-text-11">Activation Code: "<?php echo @$activation_code; ?>"</span> <?php endif ?> <?php endforeach; ?><?php endif ?>

foreach ($customerUploadsRecords as $record) { 
    if (mysql_count('uploads', "tableName = 'customer_uploads' AND fieldName = 'uploads' AND recordNum = '".mysql_escape($record['num'])."'")) { 
      $errors .= "You have already uploaded an image for this record! <br/>\n"; 
    } 
    else{ 
      @saveUploadFromFilepath('customer_uploads', 'uploads', $record['num'], '123456789' , $path_of_uploaded_file); 
    } 
  } 
$errors .= 'Thank You<br /><br />Your Portrait Order Has Been Successfully Updated.';