[PHP-DB] RE: Upload images with minimum effort from final user

2005-09-28 Thread Matthias Willerich
A.J. Brown:
<snip>
A better solution is to rename the image to the unique ID of the news
article it's associated with (assuming there is only one image allowed per
article).  This helps eliminate the chances of overwriting an existing image
without bothering the user with error messages.  When I do this, I usually
use the md5sum of the unique ID instead of the actual number.  For example:

$image_name = md5($article_id) . '.jpg';
</snip>

Is there a reason for this md5 approach? As you don't add any information,
the news id is probably in the querystring anyway, how does it improve
anything?

I'm in the middle of writing an article about piecing together an imagebank
prototype, and I've found so far that most people would like to add extra
information, and store the image not connected to news or any listed
articles. Like this, they can be reused, without uploading them again. A
good filename approach is something still to do. Does it really matter, if
the filename is something identifiable? Is it not even nicer if it was
'image_title_'.$id.'.jpg'? More readable than a checksum?

Cheers,
Matthias

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-DB] Re: Upload images with minimum effort from final user

2005-09-28 Thread A.J. Brown

Matthias,

The md5 approach is just added security, which is something I always use in
situations like this.  All it really does is mask it, so a user can't see
what the ID is (or that it's a sequential number at all) and therefore view
images they were not intended to see.  For example, if the URL for viewing
an image is as follows:

/getimage.php?image=15

A user could guess that there are 14 other images, and could retrieve them
by replacing the 15 with any other number.  If you use the md5 approach, the
URL becomes this:

/getimage.php?image=9bf31c7ff062936a96d3c8bd1f8f2ff3

This makes it harder for them to guess the image ID, and view images they
are not intended to see.

Of course, this is not necessary by any means, and only applies when you're
concerned with an image being viewed unintentionally.  It's VERY useful if
you also have a public script with which a user can delete an image using a
similar URL as above as well.  Using the first example, if my page is
/delete_image.php?image=15, a malicious user could delete EVERY image by
just replacing the number.


Sincerely,

A.J. Brown
BitNotion Technologies
[EMAIL PROTECTED]
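
The difference between masking an ID and enforcing access, as an added example that is not part of the original post: an unkeyed md5 of a small sequential number maps straight back to the number, while a keyed token combined with a server-side ownership check does not depend on the identifier staying hidden. All function names, the secret and the sample rows are hypothetical.

```php
<?php
// Added example (not from the thread). Names, the secret and the in-memory
// "table" below are hypothetical stand-ins for a real database and session.

// The thread's scheme: md5 of a sequential ID. The mapping is public and
// unkeyed, so the ID behind a token is found by hashing small integers.
function legacy_token(int $articleId): string {
    return md5((string)$articleId);
}

function recover_legacy_id(string $token, int $max = 100000): ?int {
    for ($i = 1; $i <= $max; $i++) {
        if (hash_equals(md5((string)$i), $token)) {
            return $i;
        }
    }
    return null;
}

// Keyed alternative: without the server-side secret, the token for another
// ID cannot be computed from a known one.
function keyed_token(int $articleId, string $secret): string {
    return hash_hmac('sha256', (string)$articleId, $secret);
}

// The actual control: an ownership check on the server, independent of
// how guessable the identifier is.
function may_delete(array $images, string $token, int $userId, string $secret): bool {
    foreach ($images as $img) {
        if (hash_equals(keyed_token($img['article_id'], $secret), $token)) {
            return $img['owner_id'] === $userId;
        }
    }
    return false; // unknown or legacy token
}

$secret = 'constructed-demo-secret';   // constructed; load from config in practice
$images = [                            // constructed sample rows
    ['article_id' => 14, 'owner_id' => 7],
    ['article_id' => 15, 'owner_id' => 8],
];

var_dump(recover_legacy_id('9bf31c7ff062936a96d3c8bd1f8f2ff3')); // token from the URL above
var_dump(may_delete($images, keyed_token(15, $secret), 8, $secret)); // owner of article 15
var_dump(may_delete($images, keyed_token(15, $secret), 7, $secret)); // a different user
var_dump(may_delete($images, legacy_token(15), 8, $secret));         // bare md5 token
```

A delete action built this way would also be a POST request tied to the logged-in session rather than a bare link.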




[PHP-DB] Re: Upload images with minimum effort from final user

2005-09-27 Thread Sylvain Gourvil

You just have to rename the image with the news ID!

Perhaps I did not understand your question correctly?

Tell me if you also want an example (in French, sorry) of the upload and
rename, etc. with PEAR QuickForm.

David Arroyo wrote:

Hi @ll,

I have to make an interface for a newspaper site, where users can upload
news including images.

I want to store the image's name in a field of my NEWS table, in order to
catch it with an img tag later, but I don't want people to have to upload the
image, remember its name, and put it as another field in the form.

Can anyone help me with an example, tutorial or any idea?

Thanks in advance,

David.




[PHP-DB] Re: Upload images with minimum effort from final user

2005-09-27 Thread A.J. Brown
You can store the original name of the uploaded file in your news table by
extracting it from the variable you use to save the image, so there is no
need for the user to input it.  Check this link:
http://us3.php.net/features.file-upload

A better solution is to rename the image to the unique ID of the news
article it's associated with (assuming there is only one image allowed per
article).  This helps eliminate the chances of overwriting an existing image
without bothering the user with error messages.  When I do this, I usually
use the md5sum of the unique ID instead of the actual number.  For example:

$image_name = md5($article_id) . '.jpg';


-- 

Sincerely,

A.J. Brown
BitNotion Technologies
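
One way to wire the rename into an upload handler so the user never types a file name, as an added example that is not code from this thread. The form field `image`, the columns `image` and `image_original`, the `id` key and the upload directory are assumptions; only the NEWS table and the md5-of-ID naming come from the messages.

```php
<?php
// Added example, not code from the thread. Column names, the form field
// and the upload directory are hypothetical.

// Accepted content types and the extension the server assigns to each.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_news_image(PDO $db, int $newsId, array $file, string $dir): string {
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // Decide the type from the file's content, never from the
    // client-supplied name or the browser's Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string)$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('not an accepted image type');
    }

    // Server-chosen name derived from the article ID, as in the message
    // above. The user's own file name never becomes a path on disk.
    $name = md5((string)$newsId) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }

    // Record both names; the original is display metadata only and must
    // be HTML-escaped whenever it is shown.
    $stmt = $db->prepare(
        'UPDATE NEWS SET image = ?, image_original = ? WHERE id = ?'
    );
    $stmt->execute([$name, basename($file['name']), $newsId]);

    return $name;
}

// Usage from the form handler, after the news row has been inserted:
//   $newsId = (int)$db->lastInsertId();
//   store_news_image($db, $newsId, $_FILES['image'], __DIR__ . '/uploads');
```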

