0

HOw can I allow users to upload to our servers files which then can be stored securely and that can be accessed by the users who uploaded them?

Where do i store them, in databases? or in folders on the website? And if i do use folders? how can i let people who own them to see it rather than anybody else?

I am new to the storage area, so please bare for any stupid questions.

Thanks.

KPO
  • 890
  • 2
  • 20
  • 40

2 Answers2

1

Files are files and not textual data that you need to search across or use aggregate functions upon in a database. The operating systems file system was written specifically to handle the fast serving and searching of files. So I would not put them in the database, but on the file system.

To secure them you can place them in a folder with a .htaccess file prohibiting access or place them outside the document_root. You then write a simple PHP script to server the files back to the user if they have permission to view it.

Treffynnon
  • 21,365
  • 6
  • 65
  • 98
  • Hey. But how do i write an htacess for each and every user?? and how do i set permissions. any tutorials i can view? – KPO Mar 18 '11 at 15:30
  • You *don't* write a `.htaccess` for each user. Just one to forbid all access _AND_ then use a PHP script to stream the files out to the user. – Treffynnon Mar 18 '11 at 15:36
  • Thanks. Give me a 2-4 days to try this. When it works i will mark your answer! – KPO Mar 19 '11 at 03:22
0

Files uploaded using <input type='file' /> arrive at the destination PHP script in the $_FILES superglobal array. (Documentation)

It's often best to store them in a binary BLOB column in the database, where you can easily associate them with a user id, protecting them from download by unauthorized users. They are often stored along with columns containing the file's MIME type and size in bytes.

To deliver the files back to the user in the browser, you can send the appropriate content-type header from PHP:

// the mimetype
header("Content-type: application/whatever");
header("Content-length: $length-in-bytes");

// echo the file out to the browser
echo $file;
exit();
Michael Berkowski
  • 267,341
  • 46
  • 444
  • 390
  • Is there a sample code i can refer to? I get the concept you are showing to me but not the process, as in implementing it. – KPO Mar 18 '11 at 14:40
  • See this earlier similar question: http://stackoverflow.com/questions/3300067/store-files-in-mysql-database-from-html-form – Michael Berkowski Mar 18 '11 at 14:43
  • Don't forget though that BLOB columns have finite size limit and you will need some code to split the file across multiple rows in the table. – Treffynnon Mar 18 '11 at 14:50