To take it a step further, I would suggest creating a php script downloadimage.php as follows: <?php //downloadimage.php //some code to verify requested download against customers details, remembering not to send any output to the browser (would upset the header() function) // header("Content-type: image/jpeg"); $image_name=urldecode($requiredimage); header( "Content-Description: JPEG Image from Freds Library ($image_name)" ); header( "Content-Disposition: attachment; filename=$image_name" ); $the_image="/imagelibrary/highresolution/$image_name"; readfile($the_image); ?> Then link to that with <a href=downloadimage.php?imagename=10293492.jpg&customerid=11217&>Download Image</a> Make sure the images are outside of your webservers document root. Then you can programatically decide whether to serve the image to the user. Removes the possibility of leeching the entire library.. Tony -- Tony McCrory IT, Trinity Mirror group (Ireland) (028) 9068 0168 [EMAIL PROTECTED] "Hugh Bothwell" <hugh_bothwell@ho To: [EMAIL PROTECTED] tmail.com> cc: Subject: [PHP-DB] Re: Image Bank with php & mysql!! ??!! 07/30/2001 02:14 PM "Koutsogiannopoulos Karolos" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I wan't your opinion regarding a program i am constructing. It is about an > image bank for graphic studios or anyone else who needs a program that can > insert his pictures or descriptions of it and be able to make a fast and > reliable search. http://www.hotscripts.com/PHP/Scripts_and_Programs/Image_Galleries/more2.htm l > What would be best.? Inserting the pictures in the DB or in the file system I would keep the image name in the database; save the original image in a dedicated directory with a numeric name like 4920185.jpg and then the thumbnail either with a suffix (like 4920185b.jpg) or with the same name in a thumbnails directory; store the number as the picture ID. The numbers should be large and pseudorandom, ie you don't want to make it easy for someone to write a script to leech all your pictures (it'll still be possible, but harder). Maybe use the database ID to seed a random number generator, and use the Nth generated number? Have a text field for keywords, a text field for description, a price field?, the author's name, email, and homepage. If you put the image directory below the web root directory, then the images can only be accessed via a script, and you can restore the original name at download (this solves the problem of name collisions). If you're going to sell the pictures, you should allow a buyer more than one download, in case they screw up or accidentally delete it on their system; I would have a table for 'current purchases' with a buyer ID and picture ID, and allow them something like access for a week, up to 20 downloads of that image. > ? Also notice that it is a reference db and not an actual bank. I mean that > there will be only photos of low quality and not the full picture which > could be very large. (shrug) as above, keep the images in the filesystem; then it doesn't matter how large it is. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] IMPORTANT NOTICE The information in this e-mail is confidential and should only be read by those persons to whom it is addressed and is not intended to be relied upon by any person without subsequent written confirmation of its contents. Furthermore, the content of this e-mail is the personal view of the sender and does not represent the advice, views or opinion of our company. Accordingly, our company disclaim all responsibility and accept no liability (including in negligence) for the consequences of any person acting, or refraining from acting, on such information prior to the receipt by those persons of subsequent written confirmation. In particular (but not by way of limitation) our company disclaims all responsibility and accepts no liability for any e-mails which are defamatory, offensive, racist or in any other way are in breach of any third party's rights, including breach of confidence, privacy or other rights. If you have received this e-mail message in error, please notify me immediately by telephone. Please also destroy and delete the message from your computer. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited. Trinity Mirror plc is the holding company for the Trinity Mirror group of companies and is registered in England No. 82548, with its address at Kingsfield Court, Chester Business Park, Chester CH4 9RE. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]