As before, blob is the way to go, but SanHolo indicates that it is not very efficient in performance, and you will end up with problems, as your database can grow very fast!
Why don't you index the file name in the database and save the file on the server ?
The main reason to prevent such situations is security issues. If you are really trying to cover your bases by not allowing all users to see or capture content, you have two options.
Option A) gives the file a unique, unidentifiable name, for example, Flickr. The file name contains two hashes. User hash and file hash. The second hash is secret, and the only way to get it is with a trial version and an error. Take a look at this file on my Flickr . Is the user protected (only the family can see), but you can access it just fine, since the URL itself serves as protection: http://farm2.static.flickr.com/1399/862145282_bf83f25865_b.jpg , even if you arbitrarily tried generate hashes and found valid, it would be hidden by anonymity, since you would not know who it was from.
Option B) use the restriction on access to the server side. This method is more secure but more expensive for the server. You will configure a script that will allow / deny access to the file based on session_permissions or something like that. Look at the following code, which is called by accessing something like:
http://yourserver.com/getprotectedfile.php?filename=213333.jpeg
session_start(); // logic to verify the user is ok if($_SESSION['user_access']!=true) { exit('user not allowed here'); // WATCHOUT! THIS IS NOT SECURE! EXAMPLE ONLY. // on a production site you have to be sure that $filename will not point to a system file $filename = $_GET['filename']; // gets the file and outputs it to the user header('Content-type: image/jpeg'); header('Content-Length: '.filesize($filename)); readfile($filename);
Frankie Nov 03 '09 at 8:11 2009-11-03 08:11
source share