I l wrote: > the best security practice is to store the jpg file or any other uploaded > file in your mySql database. This way you never have to worry about > someone > executing php by the url like www.example.com/pic.jpg. To view the file, > the > user would type www.example.com/veiw.php?fileID=3425433345. > > You can also keep information about the file uploaded in your mysql such > as > IP address. > > I cann't really see any security problems here. Yeah, with any luck at all, your binary file will corrupt itself, and then make your entire database unreadable by anybody, even you. Now *THAT'S* secure! :-) Secret Tip: There is a little-known feature of an incredibly-efficient high-volume thoroughly-tested software base that makes it very very very good at storing and retrieving large binary files such as JPEGs and other rich media with very small chance of file corruption, and even less chance of file corruption affecting other data or applications. I'm not really sure I should tell you about this great secret feature, but I guess I might as well... It's called the "File System" and it's packaged with your Operating System. :-) Storing JPEGs in your database instead of the file system is like keeping your groceries in the trunk of your car outside in the winter instead of in the fridge. It will work, but it's not really the best idea. YMMV -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php