1

As a part of the registration process of my app, the user can select a profile picture. My first idea was to store the picture in my database, but I read this isn't a good idea. I think the other solution is to upload the image to the filesystem and store the path in the db. Is this the right way to do this, and is it safe to store an unknown file in my system?

digga

3 Answers

0

You always have to check what files you are accepting with your upload function.
As for images, check this post.

cyberhicham
0

It is a good idea to store pics in the database, especially when there is some related data with it.

Storing pics in the filesystem can cause concurrency and other issues which you would have to handle yourself.

Anirudha
0

Storing images and other binary assets in the database can be a pain - you can't easily view them from the SQL command line, the process of encoding and decoding the image can be a performance problem, and there are relatively few database operations you can do on the binary blob.

However, there are also a number of benefits - the image is backed up along with the rest of your database, and in a load balanced server farm, you don't have to worry about replicating the images across multiple web server file systems.

To get the best of both worlds, I'd recommend storing the images in the database, but caching them on the web server's filesystem. That way, if you add more servers to your farm, the cache will be built up as the image is requested. By caching the image, you don't pay the "decoding" performance penalty on each request.

You should NEVER trust anything your users do - you should at the very least restrict the file types users can upload to images (.png, .jpg, etc.). If you're running a large, public website, consider running uploaded files through a virus scanner - there aren't any vulnerabilities in image file types right now that I'm aware of, but there were some a few years ago, and they may return.

Neville Kuyt
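An added example, not part of the original question or answers: one way to apply the "restrict uploads to images" advice when the file goes to the filesystem and only its name is stored in the database. The function names, the 2 MiB limit and the upload directory are assumptions made for the illustration.

```python
import secrets
from pathlib import Path

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for a profile picture
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
# Leading "magic" bytes of each accepted format -> extension we assign ourselves.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


class RejectedUpload(ValueError):
    """Raised when an upload fails one of the checks below."""


def detect_image_ext(data: bytes) -> str:
    """Return the extension matching the file's leading bytes, or reject."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    raise RejectedUpload("content is not an accepted image type")


def store_profile_picture(data: bytes, client_name: str, upload_dir: Path) -> str:
    """Validate an upload, write it under a random name, return that name for the DB."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or larger than MAX_BYTES")
    # The client's filename is only checked against the allowlist, never used in a path.
    if Path(client_name).suffix.lower() not in ALLOWED_EXT:
        raise RejectedUpload("file extension not allowed")
    stored_name = secrets.token_hex(16) + detect_image_ext(data)
    upload_dir.mkdir(parents=True, exist_ok=True)
    # Mode "xb" refuses to overwrite an existing file.
    with open(upload_dir / stored_name, "xb") as fh:
        fh.write(data)
    return stored_name


if __name__ == "__main__":
    import tempfile
    sample = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed bytes, not a real image
    print(store_profile_picture(sample, "../../me.png", Path(tempfile.mkdtemp())))
```

The signature check inspects only the first bytes of the file; decoding and re-encoding the image with an image library is a stricter check.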