<div>
<blockquote>
 into a database table where they are stored as a longblob (MySQL)
</blockquote>
I have never understood why one would want to store documents in a DB Table. The OS file system is a perfectly good store and far simpler than extracting blobs from a database. Best practice is store the document in the file system and the path in the database.<br />
<br />
The danger is what you would expect from allowing content from untrusted sources onto your network. <br />
Here are some things to consider<br />
1. Assume all incoming documents are suspect and treat accordingly. Scan all incoming documents for malware<br />
2. Store the documents outside of the webroot to prevent direct access to the documents<br />
3. Store the path to the document in the database.<br />
4. Limit uploads only to the document types you allow<br />
5. Do not trust the extension or the mime type in the header - test the document to ensure it is of the claimed type.
</div>


<div>
Could you provide any pointers on &quot;test the document to ensure it is of the claimed type. &quot;
</div>


<div>
Thank you for that. &nbsp;We are using javascript.
</div>


<div>
<blockquote>
We are using javascript.
</blockquote>
That is client side - what are you using to connect to MySQL?
</div>


<div>
<div class="content wysiwyg-content">
We permit members to upload certain file types; pdf, docs, xlms, jpg and some other image file types &nbsp;from our website into a database table where they are stored as a longblob (MySQL) and the documents/images can be viewed / downloaded by the member as well.<br />
<br />
What is the danger of them introducing some malevolent code that would affect our database or our server? &nbsp;What steps could we take to mitigate this?
</div>
</div>


We permit members to upload certain file types; pdf, docs, xlms, jpg and some other image file types  from our website into a database table where they are stored as a longblob (MySQL) and the documents/images can be viewed / downloaded by the member as well.

What is the danger of them introducing some malevolent code that would affect our database or our server?  What steps could we take to mitigate this?

what is the danger in permitting members to upload documents to your database?

MySQL is an open source, relational database management system that runs as a server providing multi-user access to a number of databases. Acquired by Oracle in 2009, it is frequently used in combination with PHP installations, powering most of the WordPress installations.

MySQL Server

A Document Management System (DMS) is a system (both hardware and software) used to track, manage and store documents and reduce paper. Most are capable of keeping a record of the various versions created and modified by different users (history tracking). It is often viewed as a component of enterprise content management (ECM) systems and related to digital asset management, document imaging, workflow systems and records management systems.