4

I am working in a site that receives about 500 photo uploads per day from its users. Although this is not a really high number, we are experiencing some collisions between different uploads. Some users have reported seeing the thumbnail of another picture instead of the one that they have uploaded. I have been looking for an explanation of this problem, and I have found a couple of questions in stackoverflow:

PHP temp file names for uploads colliding

PHP file uploads being "hijacked" by partial uploads

As I have read, the problem seems to be related to a collision in the file tmp name. In order to avoid that, we were considering to change the upload_tmp_dir PHP variable depeding on an integer calculated from the logged username in order to reduce the collision probability. However, this variable is not changeable at runtime, as when PHP starts to execute, the file is already posted to the server.

I am not sure about how to solve this issue, and I would like to fix it in order to prevent future problems if the daily upload rate keeps increasing.

There are many sites that handle large volumes of uploads, so I wonder how this collision problem is avoided. The site I am working in runs on PHP 5.2.14. I would prefer a PHP solution for simplicity, but I amb also interested in existing solutions that use other scripting languages, as long as they guarantee that no collisions happen between uploads.

Community
  • 1
  • 1
pau.moreno
  • 4,407
  • 3
  • 35
  • 37

1 Answers1

2

The problem can also lie in your DBlogic. A safe way is to insert a row to the DB, get the primary key of your record. Using that number as the filename will prevent collisions. You can do something like:

LOCK TABLES image WRITE;
INSERT INTO image (id) VALUES (NULL);
SELECT LAST_INSERT_ID();
UNLOCK TABLES;

Then have your (auto_increment) id. You can save the rest of your data (tags for example to different table) and process your file and the names won't collide.

vbence
  • 20,084
  • 9
  • 69
  • 118
  • We use the original photo name + a timestamp as a suffix to create the filename. The collisions seem to happen when getting the $_FILES['tmp_name'] field vlue. – pau.moreno Mar 15 '11 at 11:06
  • APC has the ability to track upload progress. May be it substitutes PHP's temp-name generation routine too. Worth a try. (Although it can produce spooky things with shutdown functions.) – vbence Mar 15 '11 at 14:47