Solved

Storing PDF and WORD docs in MySQL Database

Posted on 2006-07-07
3
2,817 Views
Last Modified: 2012-05-05
I need to upload pdf and word documents to my web server so that users, once they are logged in, can view them.

I am not sure if stuffing these docs into a MySQL database is the best way to do this or if I should just store the link to the file in the database.

My fear with the second option (just storing the link) is that someone will stumble across the document who is not logged in and, therefore, not authorized to view it.

Is there a way to keep someone from stumbling across these documents?  Should I even be worried about this if I store the docs several directories deep?

Any help would be GREATLY appreciated! Thanks!!
0
Comment
Question by:biffsmith
3 Comments
 
LVL 25

Accepted Solution

by:
jrb1 earned 500 total points
ID: 17063643
Hi biffsmith,

Yes, that is a difficult issue (file in directory vs. stored in DB).  We have started to store documents directly in the database, and things work pretty well.  Here's an example of code for MySQL:

http://dev.mysql.com/tech-resources/articles/vb-blob-handling.html

Dim rs As  ADODB.Recordset
Set rs = New ADODB.Recordset
Dim mystream As ADODB.Stream
Set mystream = New ADODB.Stream
mystream.Type = adTypeBinary

rs.Open "SELECT * FROM files WHERE 1=0", conn, adOpenStatic, adLockOptimistic
rs.AddNew

We now have an empty recordset (thanks to the WHERE clause) to work with, to which we have added a new row. Next we load a file to add to this recordset using the stream object.

mystream.Open
mystream.LoadFromFile "c:\\myimage.gif"

rs!file_name = "myimage.gif"
rs!file_size = mystream.size
rs!file = mystream.read
rs.Update
mystream.Close
rs.Close
conn.Close

Also a Java program dealing with this:

http://www.informit.com/guides/content.asp?g=java&seqNum=166&rl=1

Regards,
John
0
 
LVL 30

Expert Comment

by:todd_farmer
ID: 17063681
One way to prevent direct access to the documents is to provide a proxy application that serves them up.  In Java, for instance, you could store the files to a path outside of the application server (not directly accessible), and when a request is made to a servlet, open the file through an input stream and pipe the bytes out in the response.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 17068174
I do something similar for a photo archive at my school. I just keep metadata in mysql like the name, size, dimensions, search keywords, etc. I keep the pictures in the filesystem but use an md5 hash as the filename. The hash is based on the contents of the file itself, so should there ever be a name conflict it means that the file already exists and should not be re-added. The names are also around 25 characters (or so) and are basically random so the chances of someone stumbling on a valid url to a document are slim to none.

I felt this was a better setup than having 1 huge database, but that is just me.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction In this article, I will by showing a nice little trick for MySQL similar to that of my previous EE Article for SQLite (http://www.sqlite.org/), A SQLite Tidbit: Quick Numbers Table Generation (http://www.experts-exchange.com/A_3570.htm…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now