Hello all,

I'm in the process of building a document-storage system for my firm with
PHP. The goal of this is essentially to allow users to upload documents to
our server (central repository) and allow other users to view/modify these
files.

I have a number of questions, most of them related to optimization of the
code. Any assistance on these from more experienced developers would be
much appreciated.

1. I will be allowing users to upload files of specific types only (DOC,
HTML, TXT, images). My original belief (maybe incorrect) was that allowing
users to upload scripts (.php, .cgi) was dangerous and should be disallowed. 

I am now considering whether files, once uploaded, should be renamed - for
example, "abc.txt" gets renamed to "01.03.dat", with a reference in the
MySQL database containing the real name. 

First, which of these two approaches is better, performance-wise (or is the
difference insignificant)?

Second, is it correct to say that if I adopt this "rename-after-upload"
approach, I can allow users to upload scripts also (since the file
extensions will be changed and no longer recognized as scripts).

2. Once the file is received by the upload script, I am using the following
code to INSERT a record. I then use the insert_id() function to set the new
filename as well. Is this approach correct?

$query = "INSERT INTO data (category, owner, realname, created,
description, comment, view, modify) VALUES('$category', '$SESSION_UID',
'$file_name', NOW(), '$desc', '$comment', '$viewStr', '$modifyStr')";

$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());

$fileId = mysql_insert_id($connection);

$newFileName = $category . "." . $fileId . ".dat";

3. At the time of upload, it is possible to specify a list of users who can
"view" and "modify" the file. Currently I am storing this list as a
whitespace-separated list in a MySQL TEXT column.

Column "view" data: 3 11 1 

At the time of displaying the list, I first SELECT * the entire list of
files, and then use explode() in combination with a "for" loop to split up
the "view" field and match each element against the current user's ID. Only
if a match is found will I display the filename.

I suspect this approach is not optimal. Can anyone suggest a better approach?

Any insight into these issues will be much appreciated. Please CC a copy of
your response to 

[EMAIL PROTECTED] 

as well as the list (as I will be working on this @ home also and do not
have access to the full digest there)

TIA,

Vikram Vaswani
--
Sex is like air. It's only a big deal if you can't get any.
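
For questions 2 and 3 above, an added example (not the poster's code or a list member's reply): a parameterized INSERT whose row id yields the stored filename, and a per-user permission table queried with a JOIN instead of a whitespace-separated column. It assumes PDO with an in-memory SQLite database so it runs offline; the file_acl table, the storedname column and the function names addFile and visibleFiles are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with in-memory SQLite
// (schema simplified for SQLite); file_acl, storedname and both function
// names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, category INTEGER,
           owner INTEGER, realname TEXT, storedname TEXT, created TEXT)');
// One row per (file, user) replaces the whitespace-separated TEXT column.
$db->exec('CREATE TABLE file_acl (file_id INTEGER, user_id INTEGER,
           can_modify INTEGER DEFAULT 0, PRIMARY KEY (file_id, user_id))');

function addFile(PDO $db, int $category, int $owner, string $realName, array $viewers): string
{
    $db->beginTransaction();
    // Placeholders keep the user-supplied name out of the SQL text.
    $ins = $db->prepare('INSERT INTO data (category, owner, realname, created)
                         VALUES (?, ?, ?, CURRENT_TIMESTAMP)');
    $ins->execute([$category, $owner, $realName]);
    $id = (int) $db->lastInsertId();
    // The on-disk name is built only from server-side integers.
    $stored = $category . '.' . $id . '.dat';
    $db->prepare('UPDATE data SET storedname = ? WHERE id = ?')->execute([$stored, $id]);
    $acl = $db->prepare('INSERT INTO file_acl (file_id, user_id) VALUES (?, ?)');
    foreach ($viewers as $uid) {
        $acl->execute([$id, (int) $uid]);
    }
    $db->commit();
    return $stored;
}

function visibleFiles(PDO $db, int $userId): array
{
    // The database does the filtering; no explode() loop over every row.
    $q = $db->prepare('SELECT d.realname FROM data d
                       JOIN file_acl a ON a.file_id = d.id
                       WHERE a.user_id = ? ORDER BY d.id');
    $q->execute([$userId]);
    return $q->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data: the first name contains a quote on purpose.
addFile($db, 1, 3, "o'brien.txt", [3, 11, 1]);
addFile($db, 1, 7, 'notes.php', [7]);
print_r(visibleFiles($db, 11));
```

The stored name contains no user-controlled characters, so it can be used as a path component in a storage directory kept outside the web server's document root.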

-- 
PHP General Mailing List (http://www.php.net/)