At 4:45 PM -0700 24/4/02, PHP List wrote:

>I was wondering about the following:
>Should I store a picture directly in a MySQL table? Or just store the link
>to a file on the system somewhere?

This should be a FAQ.

If you allow people to upload files via a web form, your only secure
option is to store the images in a database.

In order to allow uploaded files to be stored in the file system
the upload directory must be writable by the web server process.

Anyone with access to PHP on the system can upload a script which
alters or deletes the files in this directory.

If the server is an ISP's server, you're giving access to these files
to every other client of the ISP.

If you are the only person with access to the PHP server, this may be a
valid option. And if you are 100% sure the code will never be required
to run under different circumstances.

Personally I think databases these days (MySQL in my experience at
least) are more than reliable enough and fast enough to serve up
binary data in quite large quantities. If you run into performance
issues, implement a caching solution run from a crontab.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to