There is an issue with the uploads folder.
Most filesystems will suffer a huge performance penaltiy if there are
> 100 files in a single folder.
So in an app that receives alot of uploads, having these all in one
folder is really really bad for the servers performance (think flickr
type site).
How could web2py handle a subfolder structure, that put the files that
were uploaded by date/time etc, something that keeps more than 100
files in any given folder ?
-Thadeus
On Thu, Jan 7, 2010 at 4:53 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
> There are two subfolders: private and uploads
>
> You should not mess up with uploads. Let SQLFORM put staff there and
> download retrieve it. You can manually do it but ONLY if you use
>
> db.table.insert(fieldname=db.table.fieldname.store
> (stream,'filename'))
>
> This is very special folder because there are a lot of security
> implications in having users uploads data (directory traversal
> attacks) and download data (authorizations). Let web2py deal with it
> by the book. It is complicated. There is a lot of code in web2py just
> to deal with this.
>
> Files that public should go in static/.
>
> Everything else should go in private but now you are on your own. You
> decide file naming conventions but you are also responsible for
> security holes.
>
> Massimo
>
> On Jan 7, 4:36 pm, weheh <richard_gor...@verizon.net> wrote:
>> How about with an <input type='textarea' name='xyz' /> which I then
>> write to a file abc under uploads/folder1/folder2 and want to insert
>> into the db.doc.filename, which is of type 'upload'?
>>
>> On Jan 7, 8:54 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>>
>> > If you have an <input type="file" name="xyz"/> represented as a
>> > FieldStorage in request.vars.xyz you can do
>>
>> > db.doc.insert(filename=db.doc.filename.store
>> > (request.vars.xyz.file,request.vars.xyz.filename))
>>
>> > On Jan 7, 1:37 am, weheh <richard_gor...@verizon.net> wrote:
>>
>> > > # model
>> > > db.define_table('doc',
>> > > Field('title','string'),
>> > > Field('filename','upload')
>> > > )
>>
>> > > #controller
>> > > text_form=SQLFORM.factory(Field('text_in','text',db.doc))
>> > > file_form=SQLFORM.factory(db.doc)
>> > > ...
>> > > if text_form.accepts(request.vars,formname='text_form'):
>> > > #insert data into the doc table
>> > > ...
>> > > if file_form.accepts(request.vars,formname='file_form'):
>> > > # etc
>>
>> > > The view has custom forms for both text_form and file_form.
>>
>> > > The question is ... how to properly insert data into the doc table in
>> > > the case of the text_form? text_form.vars.text_in has the results of
>> > > textarea form field. These data are easily stored in an uploads/
>> > > file.txt file. The question is how to make the db.doc.filename field
>> > > point to the uploads/file.txt file such that it will be consistent
>> > > with a true file upload vs. a text field upload? Just inserting the
>> > > name of the uploads/file.txt into the db.doc.filename field isn't the
>> > > right way. (Hope this is clear enough.)- Hide quoted text -
>>
>> > - Show quoted text -
>>
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To post to this group, send email to web...@googlegroups.com.
> To unsubscribe from this group, send email to
> web2py+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/web2py?hl=en.
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
