|
Posted by The Natural Philosopher on 01/08/08 17:08
missmoo wrote:
> Hey,
>
> I would like to know what the differences are in terms of security,
> reliability and resources between storing user-uploaded images in a
> file or storing them in a mySQL database.
>
> Our company is starting an image-competition soon, and I am not sure
> if I should write the php script to insert the binary code into a
> mySQL database or if I should just store the files in a dedicated
> folder and the data about them in the mySQL database.
>
> We are expecting relatively big loads of files, at least 10,000 in the
> first 2 months.
>
> Which system should I use? Is there a real difference between the two?
> our server is apache2, if that has any effects on the answer..
>
> Thank you!
>
> Moriel Schottlender
I thought it would be a big issue to stuff them in the database, but it
was - with one notable issue* - easy.
Once indsider the database, they can only be accessed BY the database,
and the root user,. A considerable extra bit of security, and, since the
databasse is backed up regularly, a Good Thing in that sense as well..
no need to explicitly back up a directory of uploaded files, nor worry
about access permnissions to it.
* the one notable exception was a 'feature' of PHP file handling, I
wanted to use SQL LOAD_FILE to load the temporary file into the
database. BUT it does not actually exist on disk until php closes..a tad
too late to be useful. move_uploaded_file() did not create a disk file
either,. But copy() did. The bug and workaround are on the php docs site
somewhere.
The other gotcha was maximum file and memory limits on php. I upped
these from 16Mbyte to 64Mbytes, and did accidentally upload a 60Mbyte
PDF succesfully.
[Back to original message]
|