Solved

Save PHP uploaded image and other files, MySQL tables or disk?

Posted on 2008-10-31
2
261 Views
Last Modified: 2012-05-05
I am trying to create a file attachment plug-in module for my script. It should be something similar to vBulletin Forum's attachment feature. I know MySQL team recommends to save files in a disk and only save the file name in the table, instead of saving the file itself within the BLOB field. But what I am trying to do is:

Content Type 1: My script has a public forum.
Content Type 2: My script has different kinds of memberships: Standard, Gold, Platinum
Content Type 3: My script will allow a user to send private message to another user.


If I am going to use BLOB field to save the file, I won't have any of the permission restriction problems because I can easily query the database to allow/deny user access, but if I am going to save the files to the disk, how can I:

1. For "Content Type 1", I want to only allow logged in user to be able to download a file or view a image? I don't want anybody to be able to download or view it by just using URL on their browser.

2. For "Content Type 2", how to restrict the file access to only certain type of members? Do I have to let the script to manipulate the .htaccess to allow/restrict the subdirectory? In this case  how should I do that with the .htaccess file? What if there are a lot of members that .htaccess will get too big and require too much server resource? Is it possible to use .htaccess + database combined method?

3. For "Content Type 3", this is a private content, so it should only be accessible by the receiver, but nobody else.

4. For these kind of permission to work, should I create a subdir for each and every user? I won't have any problem with this. But a user might have send several different kind of private content with attached files to different users, so they should be restricted by files, not by sender's private subdir as whole.

Hope this not too confusing, thank you.
0
Comment
Question by:santocki
2 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 22854649
You can use .htaccess or other file permission tools to restrict access to an image file directory.  

You can also set things up so the only file you would allow clients to see would be the index.php file.  The logic in the index.php file would control what other files they could see or not see.

The BIG disadvantage of putting a BLOB into a data base is that it will make the entire data base slow and hard to back up.  You will never again want to do a SELECT * if you have images in the data base.

A subdir for each client might make sense.  Or a file naming convention that used the client-id as a prefix to the file names.  If there are a lot of clients, the subdir collection is the best way to go.

Good luck, ~Ray
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Select from sql by results from textbox 8 26
myqsl update statement on phpMyAdmin 8 21
updating the date data 12 21
Bootstrap collapse causes odd behavior with php loop 7 22
Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now