I have a table storing user data in MySQL, and alongside other info it stores pictures (LOAD_FILE()) as BLOB. I take an image from the user, check its format, and then, using move_uploaded_file(), rename it to session_id() and insert the info in the table.

My question: Is session_id() unique for all the sessions that are active at the moment across different devices accessing this site, so that my image doesn't get overwritten?

If not, is there a better way of achieving this?

I am asking this question because this site may be used by many clients simultaneously in future and it's better to prevent a bug from happening.

PHP version: 5.5.14

```php
<?php

//rest of code
if ($ext) {
    // The stored file name is the current session id plus the checked extension
    $_SESSION["image"] = session_id() . "." . $ext;
    move_uploaded_file($_FILES['Pro_imgInp']['tmp_name'], $_SESSION["image"]);
    echo "Uploaded image: " . $_SESSION["image"] . "<br>";
    $_SESSION['ext'] = $ext;
}
//rest of code
?>
```
Sal
  • You can use `uniqid()` or even `time()`. – Raptor Feb 11 '15 at 10:11
  • possible duplicate of [How unique is the php session id](http://stackoverflow.com/questions/138670/how-unique-is-the-php-session-id) – Fenistil Feb 11 '15 at 10:13
  • Possible duplicate http://stackoverflow.com/q/138670/2144796 – Edward Feb 11 '15 at 10:15
  • Session_id's are meant to be unique; it is technically possible to get a duplicate SID, but very unlikely. If you want to make absolutely sure you do not get a crossover, consider using user details like an email address or an autoincrement id. – Edward Feb 11 '15 at 10:19
  • Even when we assume that ids for _active_ sessions are different – how would that help you when you are storing data _long-term_? No, the session id is no good for that; in fact, you should never “abuse” it for anything that goes even remotely in that direction. Use it to identify sessions, and nothing else. – CBroe Feb 11 '15 at 10:58

1 Answer

It is inefficient to store images in a database. Store them in the file system and write the path to the database.

To your question: a session id is not guaranteed to be unique at any moment in time on a server, even if the probability for collisions is very low.

For sure it is possible to have a session with an id that existed before. Therefore the images named by the session id should not live longer than the session itself.

Lorenz Meyer
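An added example (not part of the original question or answer) of the approach suggested above: keep the image in the file system under a random name that is claimed with an exclusive create, and store only that name in the database. The function name `store_upload_unique`, the `$uploadDir` parameter and the extension allow-list are assumptions; `openssl_random_pseudo_bytes()` needs the OpenSSL extension and is used because the question targets PHP 5.5 (`random_bytes()` only exists from PHP 7).

```php
<?php
// Added example, not the asker's code. Assumptions: $uploadDir is a
// hypothetical directory writable by PHP, and $ext comes from the
// format check the question already performs.

/**
 * Move an uploaded file to $uploadDir under a random name that can never
 * overwrite an existing file. Returns the stored file name, which is the
 * value to write into the database row instead of the image BLOB.
 */
function store_upload_unique($tmpPath, $ext, $uploadDir, $maxTries = 5)
{
    // Assumed allow-list; adjust to the formats the site accepts.
    if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        throw new InvalidArgumentException('Extension not allowed');
    }
    if (!is_uploaded_file($tmpPath)) {
        throw new RuntimeException('Not an HTTP upload');
    }

    for ($i = 0; $i < $maxTries; $i++) {
        // 128 random bits, unrelated to session_id(), so the session
        // identifier never appears in a file name or in page output.
        $name = bin2hex(openssl_random_pseudo_bytes(16)) . '.' . $ext;
        $dest = rtrim($uploadDir, '/') . '/' . $name;

        // Mode 'x' creates the file only if it does not exist yet, so two
        // concurrent requests cannot both claim the same name.
        $fh = @fopen($dest, 'x');
        if ($fh === false) {
            continue; // name already taken: draw another one
        }
        fclose($fh);

        // The placeholder is ours; replace it with the uploaded data.
        if (move_uploaded_file($tmpPath, $dest)) {
            return $name;
        }
        unlink($dest);
        throw new RuntimeException('Could not move the uploaded file');
    }
    throw new RuntimeException('Could not allocate a unique file name');
}

// Usage with the question's form field (the '/var/uploads' path is hypothetical):
// $stored = store_upload_unique($_FILES['Pro_imgInp']['tmp_name'], $ext, '/var/uploads');
// ...then INSERT $stored into the user's row.
```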