MScot Mohler

Reputation: 11

How can I store images on my server with php and index them with mysql?

I want to store images on my server and index them with my database so I can later search them by username or other collected information from the person who uploads the image. I thought I would have my program just save the location of the upload to the database while it uploaded. I'm pretty sure this is possible, but being a newbie to PHP I need a place to start.

Upvotes: 1

Views: 556

Answers (2)

Eddy Freddy

Reputation: 1816

It's not only about uploading the files and storing the meta-data in the database. Make sure you keep your application safe against hijacking.

  • Upload image by form.

  • Make sure you know how to handle broken uploads or uploads that fail while storing meta-data in the database. (Otherwise use something like garbage collection to avoid running out of disk space or having database entries without related files.)

  • Only registered users should ever be able to upload; use session cookies.

  • Make sure your server only accepts valid form-data of a valid session!!!

  • Make sure you have a virus-scanner running on the server and, if possible, let your script react to it, but don't show this to the outside.

  • Rename!!! files on the server, kill the file-type suffix (store this info in the database, incl. mimetype to send), maybe use compression.

  • Never ever let the user know where the files are stored!!! Use a download-script to hide info about the file-path from the outside!

Edit:

This is not a complete list and only gives you an impression of what it could look like!

Upload:

Build an upload-script like...

  • Build database tables like that:

    files

    uid, id, filename, real_filename, suffix, content_length, datetime_upload

    extensions (list of possibilities)

    uid, id, suffix, mimetype

    user->file relation

    uid, id, user_id, file_id

  • Make sure the upload-script is called from a valid user-session or exit

  • Make sure the user has the right to store data (role model) or exit

  • Receive the form and check if the form-data is valid (variables, captcha etc.) or exit

  • Check if the file-type is allowed, optionally make a binary check (file-type in header) and/or virus check of the file before finally saving

  • Build an empty entry for the file and receive file_id, otherwise error

  • Build a new filename, e.g.

    $new_filename = $file_id . '-' . md5($old_filename);

  • Store data to disk

  • If stored ok, update the database entry, otherwise delete the entry and error

  • Store an entry for user_id->file_id

Download:

Build a download-script like...

  • Make sure the download-script is called from a valid user-session or exit

  • Make sure the user has the right to download this piece of data (role model and user->file relation) or exit

  • Get the old filename, size, and mimetype to do some send action

  • Send the file to the browser with the stored mimetype in the header, to avoid files being accepted and executed as something different (e.g. .exe) on the client side. Add the right download header, content-length and caching-header. Add the binary data-stream from the right file.

Upvotes: 2
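
The upload steps from the answer above, sketched as an added example (not the answer author's code). The storage path, the `image` form field, `$_SESSION['user_id']`, the `user_files` relation table, the DSN and credentials, and a nullable `files.filename` column are assumptions.

```php
<?php
// Added example. Assumed names: STORAGE_DIR, form field "image", $_SESSION['user_id'],
// table user_files, and a nullable files.filename column for the empty entry.
const STORAGE_DIR = '/var/app-data/uploads'; // assumed path outside the web root
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
function store_upload(PDO $db, int $userId, array $upload): int
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('upload failed or incomplete');
    }
    // Binary check: derive the type from the file content, not from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    $suffix = ALLOWED[(string) $mime] ?? null;
    if ($suffix === null) {
        throw new RuntimeException('file type not allowed');
    }
    // Empty entry first, to obtain the file id.
    $db->prepare('INSERT INTO files (real_filename, suffix, datetime_upload)
                  VALUES (?, ?, NOW())')->execute([basename($upload['name']), $suffix]);
    $fileId = (int) $db->lastInsertId();
    $path = STORAGE_DIR . '/' . $fileId . '-' . md5($upload['name']); // answer's scheme
    try {
        if (!move_uploaded_file($upload['tmp_name'], $path)) {
            throw new RuntimeException('could not store file');
        }
        $db->prepare('UPDATE files SET filename = ?, content_length = ? WHERE id = ?')
           ->execute([basename($path), filesize($path), $fileId]);
        $db->prepare('INSERT INTO user_files (user_id, file_id) VALUES (?, ?)')
           ->execute([$userId, $fileId]);
    } catch (RuntimeException $e) { // PDOException included: leave no orphaned file or row
        if (is_file($path)) { unlink($path); }
        $db->prepare('DELETE FROM files WHERE id = ?')->execute([$fileId]);
        throw $e;
    }
    return $fileId;
}
session_start();
if (empty($_SESSION['user_id']) || !isset($_FILES['image'])) {
    http_response_code(403); // no valid session or no file: exit
    exit;
}
$db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'placeholder-password',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
try {
    echo 'stored as file ' . store_upload($db, (int) $_SESSION['user_id'], $_FILES['image']);
} catch (RuntimeException $e) {
    http_response_code(400); // reject without revealing paths or error details
}
```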

Ashley Banks

Reputation: 528

Steps to follow:

There are a couple of ways you can go about it: using an AJAX uploader, or just selecting an image within a form and saving the image along with the user's data...

But the simple process for the AJAX would be...

  • Upload Image
  • Return Image name
  • Save image name to database with the user's reference
  • To search - search image reference from the database to where the image is stored on database

Otherwise

  • Press Save
  • Upload the image to the directory
  • Save the file name along with the user's info if the transfer was successful
  • Search database by the user's reference and get the name of the image for that user

Upvotes: 1
