Larry Ullman's Book Forums

Steve

Members
  • Posts: 3
Everything posted by Steve

  1. I am making a social network and one of the features is to allow for users to upload pictures. In code, I'm able to crop the picture (to be used as the "main image") and create a thumbnail of it. I then store each version of the file in two separate directories (one for the "main" image, one for the thumbnail). The files are uniquely named with the User ID, time, and a random string. The users will not see the URL. But all of the files are going into one of these two directories: should I somehow be storing the images in multiple/different subdirectories (like Facebook does)... or is the method I'm doing now sufficient (and I can change it down the line if necessary)? Thanks!
  2. Thanks!! I read it as the author was using *both* methods; thanks for clarifying. I did notice the mysql_pconnect, but wasn't going to question it (so, thanks for bringing that up, too). Appreciated, as always!! Steve
  3. Hi Larry/everyone, I came across this article: "Can You Hack Your Own Website?..." http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nettuts+%28Nettuts%2B%29&utm_content=Google+Feedfetcher To sanitize inputs, the author used not only "mysql_real_escape_string" but also the function "addcslashes". Specifically, the line of code (that would be added to the "escapedata()" function on page 56) is: $string_b = addcslashes($string_i, "\x00\n\r\'\x1a\x3c\x3e\x25"); I was wondering your thoughts on this extra line of code; if it's necessary or not? Thanks!