diff --git a/Controller/NotesController.php b/Controller/NotesController.php index d4b4187..cc53f2d 100644 --- a/Controller/NotesController.php +++ b/Controller/NotesController.php @@ -77,15 +77,15 @@ class NotesController $_POST['content'], $_SESSION['user_id'] ); - + if ($note) { - // Redirect to show notes page after successful creation + // Redirect to show notes page after successful update header('Location: ?controller=Notes&page=showNotes&do=showNotes'); exit(); } else { - // If creation failed, show error message and stay on the form + // If update failed, show error message and stay on the form $this->view->setVars([ - 'error' => 'Failed to create note. Please try again.' + 'error' => 'Failed to update note. Please try again.' ]); } } diff --git a/Model/NotesModel.php b/Model/NotesModel.php index c3cb495..d4c6d7c 100644 --- a/Model/NotesModel.php +++ b/Model/NotesModel.php @@ -69,6 +69,11 @@ class NotesModel extends Database try { $stmt = $pdo->prepare("INSERT INTO notes (user_id, title, content) VALUES (?, ?, ?)"); $stmt->execute([$userId, trim($title), $content]); // user_id is current session user + $noteId = $pdo->lastInsertId(); + $uploadResult = $this->uploadFiles($noteId); + if (!$uploadResult['success']) { + return $uploadResult; + } return ['success' => true, 'message' => 'Note created successfully.']; } catch (PDOException $e) { error_log("Create Note Error: " . $e->getMessage()); @@ -130,6 +135,19 @@ class NotesModel extends Database } } + function getUploadedFiles($noteId) { + $pdo = $this->linkDB(); + if (!$pdo) return []; + try { + $stmt = $pdo->prepare("SELECT * FROM files WHERE note_id = ?"); + $stmt->execute([$noteId]); + return $stmt->fetchAll(\PDO::FETCH_ASSOC); + } catch (PDOException $e) { + error_log("Get Uploaded Files Error: " . $e->getMessage()); + return []; + } + } + function getNoteCount() { $pdo = $this->linkDB(); if (!$pdo) return 0; 
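Review bot: In Model/NotesModel.php (hunk at -69,6 +69,11) the note INSERT has already taken effect when `uploadFiles($noteId)` runs, so a failed upload returns `success => false` for a note that now exists, and a user who retries ends up with duplicate notes. Either report the partial result distinctly or run the note insert and the `files` inserts in one transaction: `$pdo->beginTransaction();` before the prepare, `$pdo->commit();` before the success return, `$pdo->rollBack();` on the failure return and in the catch. That only works if `linkDB()` hands back the same connection on the second call inside uploadFiles(), which is not visible here. Files already moved to disk would still have to be unlinked on rollback. The enclosing function starts and ends outside the hunk.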
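Review bot: `getUploadedFiles($noteId)` (Model/NotesModel.php, hunk at -130,6 +135,19) selects by `note_id` alone, so nothing in the visible lines ties the lookup to the session user; if a caller passes a request-supplied id, the attachment metadata of another user's note is returned. Unless every caller already checks ownership, constrain the query through the `notes` table on its `user_id`, or take the user id as a second argument. `SELECT *` also returns `stored_filename`; list only the columns the view needs. The method has no visibility keyword, while `uploadFiles` in the same commit is declared `public`.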
@@ -150,4 +168,40 @@ class NotesModel extends Database
 function isAdmin() {
 return $this->isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
 }
+
+ public function uploadFiles($noteId) {
+ $pdo = $this->linkDB();
+ if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
+
+ $uploadDir = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/';
+ $uploadedFileNames = [];
+
+ if (isset($_FILES['attachments']) && !empty($_FILES['attachments']['name'][0])) {
+ $files = $_FILES['attachments'];
+
+ foreach ($files['name'] as $key => $name) {
+ if ($files['error'][$key] === UPLOAD_ERR_OK) {
+ $tmpName = $files['tmp_name'][$key];
+ $safeFilename = basename($name);
+ $uniqueFilename = time() . '-' . preg_replace('/[^A-Za-z0-9.\-]/', '_', $safeFilename);
+ $destination = $uploadDir . $uniqueFilename;
+
+ if (move_uploaded_file($tmpName, $destination)) {
+ $uploadedFileNames[] = $uniqueFilename;
+
+ $stmt = $pdo->prepare("INSERT INTO files (note_id, original_filename, stored_filename, file_type, file_size, uploaded_at) VALUES (?, ?, ?, ?, ?, ?)");
+ $stmt->execute([$noteId, $safeFilename, $uniqueFilename, $files['type'][$key], $files['size'][$key], date('Y-m-d H:i:s')]);
+ } else {
+ $errmsg = "Error: Could not move uploaded file '$safeFilename'.";
+ }
+ } else {
+ $errmsg = "Error uploading file '$name'. Error code: " . $files['error'][$key];
+ }
+ }
+ }
+ if (isset($errmsg)) {
+ return ['success' => false, 'message' => $errmsg];
+ }
+ return ['success' => true, 'message' => 'Files uploaded successfully.', 'fileNames' => $uploadedFileNames];
+ }
 }
\ No newline at end of file
diff --git a/Views/Notes/createNote.phtml b/Views/Notes/createNote.phtml
index f014524..537c136 100644
--- a/Views/Notes/createNote.phtml
+++ b/Views/Notes/createNote.phtml
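Review bot: `uploadFiles()` writes into a directory under `$_SERVER['DOCUMENT_ROOT']` and keeps the client-supplied extension in `$uniqueFilename`, so an upload named with a script extension lands at a web-reachable path and may be executed by the web server, depending on how that directory is configured. The stored name should be server-generated with an allowlisted extension, and the upload directory should either sit outside the document root or have script handling disabled for it. `$files['type'][$key]` is a client-sent header and should not be stored as the file type; derive it from the file contents instead. The `time()` prefix also collides when two files with the same name arrive within one second, which lets the second overwrite the first. A sketch of the changed lines follows; the extension list in it is a placeholder to replace with the types the application actually supports.

```php
// … unchanged: linkDB() check, $uploadDir, $uploadedFileNames …
        // Placeholder allowlist: set to the attachment types the app supports.
        $allowedExtensions = ['pdf', 'png', 'jpg', 'jpeg', 'txt'];
// … unchanged: isset($_FILES['attachments']) check, foreach header, UPLOAD_ERR_OK check, $tmpName …
                $safeFilename = basename($name);
                $extension = strtolower(pathinfo($safeFilename, PATHINFO_EXTENSION));
                if (!in_array($extension, $allowedExtensions, true)) {
                    $errmsg = "Error: File type of '$safeFilename' is not allowed.";
                    continue;
                }
                // Stored name is generated server-side; the client name is kept only as metadata.
                $uniqueFilename = bin2hex(random_bytes(16)) . '.' . $extension;
                // Type is detected from the file contents, not taken from the request.
                $detectedType = (new \finfo(FILEINFO_MIME_TYPE))->file($tmpName);
// … unchanged: $destination, move_uploaded_file(), INSERT prepare …
                    $stmt->execute([$noteId, $safeFilename, $uniqueFilename, $detectedType, $files['size'][$key], date('Y-m-d H:i:s')]);
// … unchanged: error branches and return values …
```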
@@ -2,6 +2,16 @@ use ppa\Model\NotesModel; include dirname(__DIR__).'/header.phtml'; +// Test write permissions +// This is the directory we will upload files to. +$uploadDir = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/'; +if (!file_exists($uploadDir)) { + mkdir($uploadDir, 0777, true); +} +$testFile = $uploadDir . 'test_write.txt'; +$testContent = 'Test write operation at ' . date('Y-m-d H:i:s'); +$writeResult = file_put_contents($testFile, $testContent); + $parsedown = new Parsedown(); $parsedown->setSafeMode(true); @@ -26,12 +36,16 @@ function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
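Review bot: The view now creates the upload directory with mode `0777` and writes `test_write.txt` into it on every render of the create-note form; `$writeResult` is never read in the visible lines, so this looks like leftover debugging. A world-writable directory under the document root lets any local account on the host place files where the web server serves them. Remove the test write, create the directory at deploy time or inside `uploadFiles()` with a tighter mode such as `mkdir($uploadDir, 0750, true)` (adjusted to the web server's user and group), and check the return value. The path literal also duplicates the one in `NotesModel::uploadFiles()`, and a shared constant would keep the two from drifting apart.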
+ +