RE: Re: Subject: mysql - image storing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok Neil, I'll try this as well.I thought a readfile would be also forbidden by the htaccess, and I agree this would be a good solution.I don't really want to store the picture in the database but the fact is tha I should be able to do it if I want!

About the protection: magic_quotes is off for me. That means that I have to protect the data I want to insert because it won't be done automatically

So I don't unserstand Jason who says:

"Additionally, it should be noted that whether you need to use stripslashes()
on data retrieved from the database depends on the setting of
magic_quotes_runtime. The recommended setting is to have it disabled which
means you do not need stripslashes()."


magic_quotes is disabled, so I use addslashes for all my inserts and stripslashes when I retrieve them.
For that picture, I tried using addslashes/stripslashes, mysql_real_escape_string for upload,addslashes only for upload (thanks Mike for the clear explanation about how it is stored, I was always confused about that, and apparently I won't need stripslashes anymore for retrieval :-) ) and nothing.


So I would like to know if somebody has a very basic script for that that he is really using (very basic form just to ensure I can make it work as well), or if somebody can tell me what I'm doing wrong here...
Thanks to everybody!!


From: "Neil Smith [MVP, Digital media]" <php@xxxxxxxxxxxxxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
CC: list_php@xxxxxxxxxxxxx
Subject:  Re: Subject: mysql - image storing
Date: Wed, 19 Jan 2005 00:48:39 +0000

No, really really , don't do this. Store the path to the image.
You then load the path into PHP and use

header("Content-type: image/jpeg");
readfile($path_from_database);
exit;

Then .htaccess the *actual directory* you store the images in so it's hidden from browsing.

Only allow authorised people access to their own images, using a standard authentication system, and retrieve the image filenames they're allowed from the DB, append that to your protected directory path, and use readfile() to pass through the file data directly to the browser.

Really, don't store them in the database ;-)

Cheers - Neil

At 18:59 18/01/2005 +0000, you wrote:
Message-ID: <BAY21-F17F19F7A3CEA5F97AB9E7BA78F0@xxxxxxx>
From: "mel list_php" <list_php@xxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
Date: Tue, 18 Jan 2005 11:30:12 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Subject: mysql - image storing

Hi list,

I try to store/retrieve pictures into MySQL.

I know that a lot of people will say this is not a good practice, so here are briefly my reasons:
-I want to protect that pictures (restricted access)
-I don't want to use htaccess as I want my users to be able to modify their password whenever they want, and I don't want to modify dynamically an htaccess file.
-I could store them on the filesystem (my actual solution), but I have only few pictures, so I would like to give the MySQL option a trial.



_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux