PHP File Upload Failing

For some reason my PDF upload form is failing consistently, I have this code:

<?php
if($_POST["submit"] == "Add PDF to Comm and Special Projects")
{
    $addsubp = $_POST["addsubp"];
    $addsubp_name = $_POST["addsubp_name"];
    $commuploadedfile = $_FILES['uploadedfile']['name'];
    $sqldoc = "INSERT INTO projects_links (pid, display_name, link) VALUES ('".$addsubp."','".$addsubp_name."','".$commuploadedfile."')";
    mysql_query($sqldoc) or die(mysql_error()); 
    echo "<BR>";
    $target_path = "D:\\Hosting\\69903\\html\\pdfs\\comm\\";    
    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        echo "<br>The file ".  basename( $_FILES['uploadedfile']['name']). 
        " has been uploaded<br>";
    } else{
        echo "<br>There was an error uploading the file, please try again.<br>";
    }
}
?>
<form method="post">
Add PDF to Project for Committees and Special Projects <br>Choose Project<select name="addsubp"><?php

$query = "SELECT
projects.*
FROM
projects";
$showresult = mysql_query($query);
$csp_c = 1;
while($buyarray = mysql_fetch_assoc($showresult))
{
    echo "<option value=".$buyarray['id'].">".$buyarray["pname"]."</option>";
}

?></select><br>
Choose Display Name for PDF <input type="text" name="addsubp_name" /> <Br>
Choose PDF: <input name="uploadedfile" type="file" /> <Br>
<input type="submit" value="Add PDF to Comm and Special Projects" name="submit" />
</form>

I have made sure that the application has write privileges to the "comm" directory. I have GoDaddy and used the file manager to make sure of that. I have had problems with permissions in this project before, so I know this isn't the case. It keeps printing

There was an error uploading the file, please try again.

It doesn't attempt to upload any PDF at all. What am I doing wrong? Thanks!


You may have permissions issues, but for file uploads your form tag should contain the proper enctype attribute.

<form enctype="multipart/form-data" method="POST">

and defining a file size limit is also a good idea:

<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />


Try checking the upload error message: http://php.net/manual/en/features.file-upload.errors.php


  1. Your code is blindly assuming the file upload succeeded. At bare minimum you should have something like

    if ($_FILES['uploadedfile']['error'] === UPLOAD_ERR_OK) { ... handle the upload }

  2. Your code is vulnerable to SQL injection. You do not escape any of the 3 values you're inserting into the database

  3. You're creating the database record before making sure the file was successfully moved into the target directory. What happens if the file can't be written for any reason (as it is now with your problem)? The database will say it's there, file system will say it isn't.

  4. You're not checking for file collisions. If two separate uploads send "file.txt", the second upload will overwrite the first one.

  5. You're storing the files with the user-supplied name, which is under user control. If this file is web-accessible, anyone with access to your upload form can upload anything they want (e.g. a php file) and the server will happily execute it for them.
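
The five points above, combined into one handler. This is an added example, not code from the question or the answers: the function name `store_pdf_upload`, the `$pdo` connection (assumed to use `PDO::ERRMODE_EXCEPTION`), the `$uploadDir` parameter and the use of the fileinfo extension are assumptions; the table, columns and 1000000-byte limit come from the page.

```php
<?php
// Added example (hypothetical helper, not from the original thread).
// Returns the server-generated file name that was stored and recorded.
function store_pdf_upload(PDO $pdo, array $file, string $pid,
                          string $displayName, string $uploadDir): string
{
    // 1. Check the upload status before touching anything else.
    $error = $file['error'] ?? null;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . var_export($error, true));
    }

    // Enforce the size limit server-side; MAX_FILE_SIZE in the form is client-controlled.
    if ($file['size'] > 1000000) {
        throw new RuntimeException('File is larger than 1000000 bytes');
    }

    // 5. Decide the type from the file content, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'application/pdf') {
        throw new RuntimeException('Only PDF files are accepted');
    }

    // 4 + 5. Server-generated name: no collisions, no user-chosen extension.
    $storedName = bin2hex(random_bytes(16)) . '.pdf';
    $target = rtrim($uploadDir, '/\\') . DIRECTORY_SEPARATOR . $storedName;

    // 3. Move the file first; record it only once it is on disk.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the uploaded file');
    }

    // 2. Prepared statement instead of concatenating request values into SQL.
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO projects_links (pid, display_name, link) VALUES (?, ?, ?)'
        );
        $stmt->execute([$pid, $displayName, $storedName]);
    } catch (PDOException $e) {
        unlink($target); // keep database and file system consistent
        throw $e;
    }
    return $storedName;
}

// Usage in the form handler (the form needs enctype="multipart/form-data"):
// $name = store_pdf_upload($pdo, $_FILES['uploadedfile'] ?? [],
//                          $_POST['addsubp'], $_POST['addsubp_name'], $uploadDir);
```

The stored display name is still user input, so pass it through `htmlspecialchars()` wherever it is printed back into a page.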
