Question about final placement of uploaded files to a database

[moshe]

Hello!

Just finished the PHP & MySQL book, and first of all just want to say it is really great.

In the process of self learning/designing/building a complicated database project and was flailing before I got this excellent tutorial book that grounded my understanding in the foundational concepts pretty much all dynamic websites require. I now feel confident in starting construction now with an overall general understanding of the structure and coding required.

Im sure I will have many more questions from here on, but for now will start with one. I know I can google these questions I will be asking, however I also know there is too much information to parse and find the best advice taking everything including security into account as well as overall best standards and practices.

I am looking for some guidance about file uploads. The book goes as far as explaining the process of taking uploaded files and placing them in a temp file and then moving them to an uploads file outside the web directory. I am wondering, how do I organize the files after. Like do I make an individual folder lets say for every user and place the .jpg or .mp4 in a folder for the user that uploaded it? Also where do I place the folder, is it still outside the web directory if the jpg lets say needs to be viewed in the browser by users? Also what would be the general flow of retrieving the file?

Thats pretty much it for now. Also no rush, I'm not up to that yet, its just one of the things I've been thinking about at night.

Thanks a million in advance for your time and energy in responding to my questions!

[Larry]

Thanks for the nice words! Yes, as a general security rule you don't want user-uploaded files in the web directory. It would make sense to create a new folder for each user and store their uploads in their own directory.

Some OSes have limits on the number of files or folders than can be in a directory, so that's a problem you'll need to worry about should you get to a high level. 

To show, say, an image in the browser, you'd set the HTML src to something like image.php?id=X. The image.php script would identify the image to be served and output it. I forget if there's an example of that in this particular book but it's not that complicated.