Storing Files

[The Little Guy]

When storing files, would it be best to store them in a mysql BLOB, instead of a direct file on the server?

 

I ask, because I want to place files on the server that can only be accessed if purchased. If someone knows the exact URL of the file, they can then download it for free.

[.josh]

If someone knows the exact URL of the file, they can then download it for free.

only if you keep the file in a public directory, or have the permissions set for them to...

[deadonarrival]

It would work, alternatively use .htaccess to hide the files from being viewed directly, or place them above the document root.

[The Little Guy]

If I place them above the root, will they still be download able?

[deadonarrival]

No, anything above your /www/ directory (on apache) can't be accessed directly.

[mushroom]

No, anything above your /www/ directory (on apache) can't be accessed directly.

That will work, as long as the directory is readable by php and you have a directory that is readable and writable by php that can be accessed by apache.

 

I have written such a script for private viewing of screen shots of confidential info.

 

php:

validates the user

creates a randomly named 25 character directory

copy's the file(s) to it.

produces the appropriate web page

flushes the output

waits a preset time then erases the file and directory

[The Little Guy]

I was thinking that the solution could be done with: Readfile, then use some sort of stream such as octet-stream to download the file to the users computer if they have access to the file according to the PHP, otherwise display an error for them.

 

Sound reasonable?