unsider Posted April 6, 2008 Share Posted April 6, 2008 I'm trying to create a little add-on for my users. They will be able to upload photos, creating their own photo gallery, but my question is: What is the best method of storing all these images? One table: 'images' (identified by the username that uploaded it), etc...? So these images will be stored with these stored attributes: image_id = auto increment ('1') image_caption = "this is the text to describe image" image_title = "image title here" image_date = CURRENT_TIMESTAMP and depending how it is done... image_username = "$_SESSION['username'] I can't really make sense of this, and maybe just laying it out on the table will help me understand. Question all you like, include anything you think will help me organize myself. Thanks. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted April 6, 2008 Share Posted April 6, 2008 /* Your existing user table */ `users` : `id`, <your other fields> /* Each user can have multiple image galleries */ `galleries` : `id`, `user_id`, `name`, `description`, `created`, `modified` /* Each gallery can have multiple images */ `gallery_images` : `id`, `gallery_id`, `description`, `file_extension`, `created`, `modified` The best way to handle uploaded files is to save them on the file system and save only their path and other information in the database. If the files are only available to users that are logged in, then you must take care not to store them inside of public_html or www on your server. One thing I like to do is name uploaded files after their auto_incrementing `id` in the database. Since it's guaranteed to be unique you don't have to worry about the file already existing when you try and save it. You also don't have to worry about invalid or pesky characters in the filename provided by the user, such as quotes, slashes, spaces, etc. Once you decided where to save them, you have to decide how you will organize them. Here are a couple of different structures: /public_html/web_root/user_data/galleries/<gallery_id>/ ~or~ /public_html/web_root/galleries/<user_id>/<gallery_id>/ Wherever you save them, you will have a bunch of image files for the gallery: <img_id>.jpg <img_id>.jpg <img_id>.gif <img_id>.png etc. You will need to store the file extension as well so you can create a name or mime-type a browser will know what to do with. I'll warn you now, do not use the file extension provided in the $_FILES array or by parsing the original file name. Those values can be faked and are not to be trusted. Look into a library like finfo (or fileinfo) or try and manipulate the uploaded file with PHP's GD library to determine for a fact that it is indeed an image and nothing disguised as one. Now you have a catch. PHP provides functions is_uploaded_file() and move_uploaded_file() to determine if a file is actually one uploaded from a browser. You should be using them before you enter anything into the database, but you won't know the parameters to pass to move_uploaded_file() until you get the mysql_insert_id() from the database. Here's a skeleton that you can fill in: <?php // Determine that the file is uploaded if( is_uploaded_file() ){ // You should know the user_id and gallery_id, so you know which directory // to place the file in. What you're missing is the image_id. That's OK. // When PHP accepted the upload, it gave the file a temp name, just use that // temp name for now to move it into the proper place if( move_uploaded_file() ){ $file_ext = ... // write code to determine the extension $image_id = ... // write code that inserts into DB and returns false // or mysql_insert_id() if( $image_id === false ){ // failed to insert into db // delete file from file system }else{ // rename temp file after $image_id . $file_ext } } } ?> Quote Link to comment Share on other sites More sharing options...
unsider Posted April 6, 2008 Author Share Posted April 6, 2008 I don't mean to bump to the top, but this deserves my gratitude, so thank you! This really clears some things up, and it's well summarized. Thank you again. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted April 6, 2008 Share Posted April 6, 2008 I found a significant error in my post. Where I said, If the files are only available to users that are logged in, then you must take care not to store them ___outside___ of public_html or www on your server. I meant "inside" where I said "outside." If you need clarification I can provide that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.