06-18-2008, 03:30 PM
#5
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
Don't store files in the database, it will be a really bad thing if you get even remotely high traffic. Let the filesystem handle files and the database handle data. Store the files in a folder below the webroot and pull them up only if they have the proper credentials.
Also, don't track users by username. It is best to use a unique ID assigned to each user (primary key + auto_increment is a good way to do this). That way you can change any user credential and things won't go different.
Lastly, verify your data. Besides being open to SQL injection, anything the user places on the cookie will be accepted. You will want to verify that the user in question is actually that user before displaying anything.
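An added example (not part of this post or thread) that puts the three points above together in Python with sqlite3: files live on disk under a storage directory rather than in the database, rows are keyed by an auto-increment user id rather than the username, and a download is served only after the session cookie's signature is verified and a parameterized query confirms the requesting user owns the file. The storage directory, table layout, cookie format and secret are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import sqlite3
import tempfile
from pathlib import Path

# Assumed for this example: a storage directory that the web server does not
# serve directly, and a server-side secret for signing session cookies.
STORAGE_ROOT = Path(tempfile.mkdtemp(prefix="uploads_"))  # hypothetical, outside the webroot
SECRET_KEY = secrets.token_bytes(32)


def open_db():
    """Create an in-memory database; user and file rows are keyed by auto-increment ids."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (
            id       INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT UNIQUE NOT NULL
        );
        CREATE TABLE files (
            id            INTEGER PRIMARY KEY AUTOINCREMENT,
            owner_id      INTEGER NOT NULL REFERENCES users(id),
            stored_name   TEXT NOT NULL,
            original_name TEXT NOT NULL
        );
        """
    )
    return db


def create_user(db, username):
    """Insert a user; the returned numeric id, not the username, identifies them from here on."""
    cur = db.execute("INSERT INTO users (username) VALUES (?)", (username,))
    return cur.lastrowid


def save_upload(db, owner_id, original_name, data):
    """Write the bytes to disk under a random name and record ownership in the database."""
    stored_name = secrets.token_hex(16)  # user-supplied filename never reaches the filesystem
    (STORAGE_ROOT / stored_name).write_bytes(data)
    cur = db.execute(
        "INSERT INTO files (owner_id, stored_name, original_name) VALUES (?, ?, ?)",
        (owner_id, stored_name, original_name),
    )
    return cur.lastrowid


def make_session_cookie(user_id):
    """Cookie value is '<user_id>.<hmac>', so a client cannot forge another id."""
    payload = str(user_id).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    return f"{user_id}.{sig}"


def user_id_from_cookie(cookie):
    """Return the user id only if the cookie's signature verifies; otherwise None."""
    parts = cookie.split(".", 1)
    if len(parts) != 2 or not parts[0].isdigit():
        return None
    uid_str, sig = parts
    expected = hmac.new(SECRET_KEY, uid_str.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    return int(uid_str)


def fetch_file(db, cookie, file_id):
    """Serve a file's bytes only to its verified owner; None for any failed check."""
    user_id = user_id_from_cookie(cookie)
    if user_id is None:
        return None
    # Parameterized query: both the file id and the owner id come from untrusted input.
    row = db.execute(
        "SELECT stored_name FROM files WHERE id = ? AND owner_id = ?",
        (file_id, user_id),
    ).fetchone()
    if row is None:
        return None
    path = (STORAGE_ROOT / row[0]).resolve()
    if STORAGE_ROOT.resolve() not in path.parents:  # belt-and-braces: stay inside storage root
        return None
    return path.read_bytes()


if __name__ == "__main__":
    db = open_db()
    alice = create_user(db, "alice")
    fid = save_upload(db, alice, "report.pdf", b"constructed sample content")
    print(fetch_file(db, make_session_cookie(alice), fid))
```

The ownership check and the cookie check are separate on purpose: a valid session for user 2 still gets `None` for user 1's file, and a cookie that merely states a user id without a valid signature is rejected before the database is consulted at all.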