We are making a social site for a client (final project for classes) and he wants a photo uploading feature.
We thought about putting a link in a MySQL database to the picture with a unique ID for the picture and also a foreign key to the User ID.
But I was wondering what would be the safest method.
- Should we keep the picture name or rename it?
- Should we keep all pictures within the same folder, or have a separate folder for each Unique User ID?
- If we rename the picture, should we just start with the unique ID for the picture? (1 to XXXX)
Safe: any type of exploiting with a malicious filename
Fastest: to have 1 folders then XXXXX folder
For uploaded images I would rename the image to the userid-imageid, so an image would be named 123-5554.jpg for example. This would group them by userid while keeping them in the same folder (using sorting), and provide a unique name for each image.
If you don't rename the image, someone could easily upload an image called picture.jpg more than once.
I would change each picture's filename to something unique. Each picture should have a unique id in the table as well. Then you can set a foreign key on the picture's unique id to the user's id.
Your second question is kind of your own preference; it depends on the kind of structure you would want to have. I would create a separate folder for each user; it's more intuitive and a little easier to navigate if there is a lot of data.
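The renaming scheme from the answers above, as an added example that is not part of the original posts: the stored name is built only from the database ids, the extension is chosen from the file's leading bytes, and an existing name is never overwritten. The function names, the image allowlist and the `per_user_dir` switch are assumptions of this sketch.

```python
from pathlib import Path

# Leading-byte signatures for the image types this sketch accepts (assumed allowlist).
SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

def sniff_extension(data: bytes):
    """Return an extension chosen from the content, or None if it is not an allowed image."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def stored_name(user_id: int, image_id: int, data: bytes, per_user_dir: bool = False) -> str:
    """Build the relative storage path from database ids only.

    The client-supplied filename is never used, so it cannot carry path
    separators or a misleading extension, and cannot collide with another upload.
    """
    for value in (user_id, image_id):
        if not isinstance(value, int) or value <= 0:
            raise ValueError("ids must be positive integers from the database")
    ext = sniff_extension(data)
    if ext is None:
        raise ValueError("content is not an allowed image type")
    if per_user_dir:
        return f"{user_id}/{image_id}.{ext}"   # one folder per user
    return f"{user_id}-{image_id}.{ext}"       # single folder, e.g. 123-5554.jpg

def save_upload(root: Path, user_id: int, image_id: int, data: bytes,
                per_user_dir: bool = False) -> Path:
    """Write the upload under root and return the final path."""
    root = root.resolve()
    target = (root / stored_name(user_id, image_id, data, per_user_dir)).resolve()
    if root not in target.parents:  # defence in depth: stay inside the upload root
        raise ValueError("target escapes upload root")
    target.parent.mkdir(parents=True, exist_ok=True)
    # Mode "xb" raises FileExistsError instead of overwriting another image.
    with open(target, "xb") as fh:
        fh.write(data)
    return target
```

The original filename can still be kept in a database column for display; it just never reaches the filesystem.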