Solved

Storing PDF and WORD docs in MySQL Database

Posted on 2006-07-07
3
2,812 Views
Last Modified: 2012-05-05
I need to upload pdf and word documents to my web server so that users, once they are logged in, can view them.

I am not sure if stuffing these docs into a MySQL database is the best way to do this or if I should just store the link to the file in the database.

My fear with the second option (just storing the link) is that someone will stumble across the document who is not logged in and, therefore, not authorized to view it.

Is there a way to keep someone from stumbling across these documents?  Should I even be worried about this if I store the docs several directories deep?

Any help would be GREATLY appreciated! Thanks!!
0
Comment
Question by:biffsmith
3 Comments
 
LVL 25

Accepted Solution

by:
jrb1 earned 500 total points
ID: 17063643
Hi biffsmith,

Yes, that is a difficult issue (file in directory vs. stored in DB).  We have started to store documents directly in the database, and things work pretty well.  Here's an example of code for MySQL:

http://dev.mysql.com/tech-resources/articles/vb-blob-handling.html

Dim rs As  ADODB.Recordset
Set rs = New ADODB.Recordset
Dim mystream As ADODB.Stream
Set mystream = New ADODB.Stream
mystream.Type = adTypeBinary

rs.Open "SELECT * FROM files WHERE 1=0", conn, adOpenStatic, adLockOptimistic
rs.AddNew

We now have an empty recordset (thanks to the WHERE clause) to work with, to which we have added a new row. Next we load a file to add to this recordset using the stream object.

mystream.Open
mystream.LoadFromFile "c:\\myimage.gif"

rs!file_name = "myimage.gif"
rs!file_size = mystream.size
rs!file = mystream.read
rs.Update
mystream.Close
rs.Close
conn.Close

Also a Java program dealing with this:

http://www.informit.com/guides/content.asp?g=java&seqNum=166&rl=1

Regards,
John
0
 
LVL 30

Expert Comment

by:todd_farmer
ID: 17063681
One way to prevent direct access to the documents is to provide a proxy application that serves them up.  In Java, for instance, you could store the files to a path outside of the application server (not directly accessible), and when a request is made to a servlet, open the file through an input stream and pipe the bytes out in the response.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 17068174
I do something similar for a photo archive at my school. I just keep metadata in mysql like the name, size, dimensions, search keywords, etc. I keep the pictures in the filesystem but use an md5 hash as the filename. The hash is based on the contents of the file itself, so should there ever be a name conflict it means that the file already exists and should not be re-added. The names are also around 25 characters (or so) and are basically random so the chances of someone stumbling on a valid url to a document are slim to none.

I felt this was a better setup than having 1 huge database, but that is just me.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
Creating and Managing Databases with phpMyAdmin in cPanel.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now