Jump to content

Recommended Posts

After spending a week or more writing a super-duper "Upload Photo" script back in January, I have come to realize something I missed...

 

There is no way to monitor whether a User uploaded a questionable photo (e.g. nude).

 

Having already built out quite a bit in my website, I am unsure of the easiest way to shoe-horn in code to monitor Uploads?  :-\

 

I was thinking of writing a PHP Function that takes a "photo_name" - which I believe is some hash value -  as an input, then runs a query against the "member" table to see if it was approved, and if it was, return the "photo_name" - which then be echoed - otherwise return "pending_approval.jpg" instead.

 

If I take this approach, then changing my code would just go from something like this...

<img src="/uploads/<?php echo $photoName; ?>" width="100" alt="<?php echo 'Thumbnail of ' . $user ?>" />

 

 

To something like this...

<img src="/uploads/<?php echo validateUploadedPhoto($photoName) ?>" width="100" alt="<?php echo 'Thumbnail of ' . $user ?>" />

 

 

BTW, does that syntax work, or would I need to do this...

$photoName = validateUploadedPhoto($photoName);

<img src="/uploads/<?php echo $photoName; ?>" width="100" alt="<?php echo 'Thumbnail of ' . $user ?>" />

 

Sincerely,

 

 

Debbie

 

 

To clarify...

 

If I have to go in to every Prepared Statement and Query I have in all of my web pages where a Photo appears, and change things to handle how to display a Photo that was/was not approved, that would be a *major* PITA.

 

I hate to have to run a standalone query just to grab the Photo, when a lot of times I am already grabbing data from the "member" table, but then the trade-off is what I mention above.

 

Follow me?

 

Thanks,

 

 

Debbie

 

Easiest change:

Add an "approved" flag to the photos table which indicates what it sounds like it indicates. You might want one on the users table too: if a user is approved then their uploads are automatically approved (lets you skip moderation of people who have shown themselves to be trustworthy). But then you'd need some kind of "report" functionality.

 

Then do the uploads like normal.

 

When it comes time to show an image, if approved then you do as normal, and if not then you handle it differently. Personally I would just deny that the image exists in the first place, but otherwise you could use a placeholder image and some brief "Awaiting approval" message.

 

 

But before you go on with this, consider what is actually necessary. How worried are you that people will upload inappropriate images? If they do, what happens? If there's little chance or little fallout then a pre-moderation system might be overkill and a reporting system would be all you'd need. How many photos will be uploaded in an hour? Do you have enough people to handle the approval process? Quickly enough to not alienate your users? If not then you can let users find the bad ones. How about user moderation? Basically every site driven by a community includes some form of user moderation system, ranging from simple user/superuser flags to multi-level hierarchies.

Easiest change:

Add an "approved" flag to the photos table which indicates what it sounds like it indicates. You might want one on the users table too: if a user is approved then their uploads are automatically approved (lets you skip moderation of people who have shown themselves to be trustworthy). But then you'd need some kind of "report" functionality.

 

Then do the uploads like normal.

 

When it comes time to show an image, if approved then you do as normal, and if not then you handle it differently. Personally I would just deny that the image exists in the first place, but otherwise you could use a placeholder image and some brief "Awaiting approval" message.

 

I get this part, although I like your addition of:

if a user is approved then their uploads are automatically approved (lets you skip moderation of people who have shown themselves to be trustworthy).

 

 

My question was "How expensive is the Function I described?"

 

I ask that, because usually where a Photo is displayed, so is other User Info (e.g. username, online status, name, etc).

 

It just seems like a waste to query "photo_name" and then not use it, because I am calling validateUploadedPhoto($photoName) which turns around and queries the same Photo again?!  :o

 

 

But before you go on with this, consider what is actually necessary. How worried are you that people will upload inappropriate images?

 

I don't know?!  This is for a website that doesn't exist yet...

 

 

If they do, what happens?

 

Well, I break their arm, but it also makes my website look unprofessional...

 

(Seems like a great opportunity for people to DEFACE my website...)  :(

 

 

If there's little chance or little fallout then a pre-moderation system might be overkill and a reporting system would be all you'd need.

 

Overkill, how so?

 

Is it unrealistic that people wait for their newly uploaded Photo to be approved?

 

 

How many photos will be uploaded in an hour?

 

If I could get 100 people to register at my website and visit now and then I'd have a party!!!

 

 

Do you have enough people to handle the approval process?

 

There is me...

 

 

Quickly enough to not alienate your users?

 

Tell me more about this...

 

(There is me...)

 

 

If not then you can let users find the bad ones. How about user moderation? Basically every site driven by a community includes some form of user moderation system, ranging from simple user/superuser flags to multi-level hierarchies.

 

Assuming anyone ever comes to my website, I suppose I could do that, although that sounds like more code and hassle than what I am proposing...

 

My idea is just one Function.

 

That idea means PHP to drive the logic, plus adding in a "Flag" button to every page that has a Photo which could be A LOT of work...

 

 

Debbie

 

 

Er yeah, expense. It depends what validateUploadedPhoto() actually does. Query the database? Since you have to do a query to get the photos in the first place, why not check then?

 

Re:

Unprofessional: This is the Internet. Shit happens. As long as you deal with it appropriately (right response soon enough) and had implemented something sufficient to do so then you're forgiven. Of course that's just the general case.

Overkill: You implement this pre-moderation system only to find out that 99.99% of images uploaded are safe. Sure you catch one bad image in 10,000 but how much time did you spend approving the other 9,999?

Alienate: If I'm using your site and discover that not only my photos have to be approved but it takes hours to do so then I probably won't use it. There are plenty of other sites I can go to instead.

Flag: How else will you know if a photo is approved? In the time between the upload and the approval the image has to be stored somewhere, and since the only difference between "new" and "approved" is, well, whether it's approved, why not reuse the same mechanism and extend it just a little bit to have that flag?

Unprofessional: This is the Internet. Shit happens.

 

@requinix: I have reported your post for the use of vulgar, obscene language which is in violation of the Terms of Service

You agree that you will not post any material which is false, defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, adult material.

 

jk, of course

Er yeah, expense. It depends what validateUploadedPhoto() actually does. Query the database? Since you have to do a query to get the photos in the first place, why not check then?

 

Every time I display a Photo, I need to get the "photo_name" from the database.

 

Really newbie question, but could I just make it so my PHP Function takes a "photo_name" from the SELECT and either returns something like "7894871023.jpg" or "photo_awaiting_approval.jpg"?  (I mean you can use bult-in MySQL Functions in the SELECT part of a Query.  Can you do that for home-grown PHP Functions??)  :shrug:

 

That way, I am not running a query on top of a query.

 

 

Re:

Unprofessional: This is the Internet. Shit happens. As long as you deal with it appropriately (right response soon enough) and had implemented something sufficient to do so then you're forgiven. Of course that's just the general case.

 

Same challenge, though.  It's just me.  What if I take your advice, add a way for viewers to report bad Photos, and then I don't get to it for several days?

 

 

Overkill: You implement this pre-moderation system only to find out that 99.99% of images uploaded are safe. Sure you catch one bad image in 10,000 but how much time did you spend approving the other 9,999?

 

Maybe, but if I have to approve so many Photos in a day that it becomes a full-time job, then my website has become *wildly* popular, and I would be making enough $$$ to maybe even afford you as my new "Lead Developer"...  ;)

 

(I mean that seriously too.)

 

 

Alienate: If I'm using your site and discover that not only my photos have to be approved but it takes hours to do so then I probably won't use it. There are plenty of other sites I can go to instead.

 

Yeah, but that is your favorite phrase, and I think you are "high-maintenance"!!  *LOL*  :P

 

Seriously, do you think "Average Joe User" would really get pissy having to wait 12-24 hours for one Profile Photo to be approved?  (My website is not Flickr...  I just want to allow people to upload ONE Photo of themselves for their Profile.)

 

 

Flag: How else will you know if a photo is approved? In the time between the upload and the approval the image has to be stored somewhere, and since the only difference between "new" and "approved" is, well, whether it's approved, why not reuse the same mechanism and extend it just a little bit to have that flag?

 

I don't understand what you are saying here...  :confused:

 

 

-----

As far as the "Report Image" idea - which I could use regardless of the other topic - how would I approach that?

 

I have this misconception it would be a whole lot of extra work, BUT maybe I am not envisioning how it would work properly...

 

Care to enlighten me?  (I still think it would be a PITA from a HTML standpoint, but I'll hear you out.)

 

Thanks,

 

 

Debbie

 

Every time I display a Photo, I need to get the "photo_name" from the database.

 

Really newbie question, but could I just make it so my PHP Function takes a "photo_name" from the SELECT and either returns something like "7894871023.jpg" or "photo_awaiting_approval.jpg"?  (I mean you can use bult-in MySQL Functions in the SELECT part of a Query.  Can you do that for home-grown PHP Functions??)  :shrug:

 

That way, I am not running a query on top of a query.

 

OK, yes you *could* build your query to return either the image name or the pending image name based upon the "approved" status (just use an IF condirion in the select statement). But, I would try to keep business logic out of the data abstraction processes. But why would you need to run two queries anyway? Just run one SELECT query to return the image name and the approved value. Then in your business logic (i.e. PHP code) check the approved value to determine if you will display the user submitted image or the pending image.

 

Simple Example

function getImage($userID)
{
    $query = "SELECT image_name, approved FROM images WHERE userID = '$userID'";
    $result = mysql_query($query);
    if(!mysql_num_rows($result)) { return false; }
    $row = mysql_fetch_assoc($result);
    $imageName = ($row['approved']!=1) ? 'pending.jpg' : $row['image_name'];
    return $imageName;
}

Every time I display a Photo, I need to get the "photo_name" from the database.

 

Really newbie question, but could I just make it so my PHP Function takes a "photo_name" from the SELECT and either returns something like "7894871023.jpg" or "photo_awaiting_approval.jpg"?  (I mean you can use bult-in MySQL Functions in the SELECT part of a Query.  Can you do that for home-grown PHP Functions??)  :shrug:

 

That way, I am not running a query on top of a query.

 

OK, yes you *could* build your query to return either the image name or the pending image name based upon the "approved" status (just use an IF condirion in the select statement). But, I would try to keep business logic out of the data abstraction processes.

 

You misunderstood me.

 

I was asking if I could create a PHP Function, validateUploadedPhoto, and then stick it into my MySQL SELECT statement so when I ran the query, the query returned either "78478648932.jpg" or "photo_pending_approval.jpg"

 

(I think you are saying it can be done if I write the logic in MySQL, which would still be kinda handy.)

 

 

But why would you need to run two queries anyway? Just run one SELECT query to return the image name and the approved value.

 

You missed what I said above...

 

*Typically* when I need to display a Member's Photo, I need to grab other pieces of information from the database as well.

 

For instance, I don't just display DoubleDee's Photo all alone on a page?!

 

Instead, I might display...

 

- Username

- Online Status

- Member Photo

- First Name

- Location

- Hobbies

 

So in order to get all of that Member Data, I write a query like...

SELECT username, online_status, photo_name, first_name, location, hobbies
FROM member
WHERE id=123;

 

And I was saying earlier that I hate to have all of those queries out there which gather "photo_name" but don't end up using it because I call for the "photo_name" a 2nd time in my new PHP Function.  Follow me?

 

(Everyone tells me "Queries are Cheap!", so maybe I am worrying about nothing at this point.  Yet I still like to be *efficient*!!)

 

Thanks,

 

 

Debbie

 

Um, no I understood you perfectly. You misunderstood me or simply chose to ignore what I was saying.

 

You should not put business logic into your data abstraction functionality. And, as you just stated you already have a query to get the image along with other data. So, when you get the username, status, photo etc. just include the image "approved" status along with all of that other data. Then determine the image to show in your current logic to display that data.

 

I'm not going to show you how to implement it in the query because 1) I don't think it is a good solution, 2) I already told you the process to do so, 3) now that you know the process it would be a good learning exercise to actually research and learn to do it on your own (although I'd advise against it).

 

(Everyone tells me "Queries are Cheap!", so maybe I am worrying about nothing at this point.  Yet I still like to be *efficient*!!)

Queries are not cheap. My companies SaaS application requires many more database servers than it does application servers and most performance issues are still tied to the database.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.