Hi

I have a forum and I'm trying to think of how to do an "attachment" feature. You know, if you make a thread you can choose to upload a file and attach it to the thread.

Should I make a table called attachment with the id of the file id in table files? What's the best way? And I want you to be able to upload more than 1 attachment, and if it's a picture, show a little miniature of the picture.

How should I check if the file exists etc.? How would you do this?

Sorry for my poor English

A: 

I honestly would create a column on the table of posts that says 'Attachments', and then do a comma-delimited string of attachment file names:

file1.png,file2.png,file3.png

then when you get it into PHP, simply explode it

$attachments = explode(',', $string);

and check for each file that you have already put in your upload directory:

foreach($attachments as $file)
{
    if(!is_file($upload_directory.$file))
    {
        $error[] = $file . " is not a valid attachment";
        // run cleanup script
    }
}

To get the attachments, it is really simple code, but you need to validate and sanitize the incoming file.

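foreach($_FILES as $array)
{
    // Sanitize Here: validate the upload and pick a safe file name
    die("SANITIZE HERE!");

    // The destination must be a full file path, not just the directory.
    // $safe_name is a placeholder for the name produced by the sanitizing step.
    move_uploaded_file($array['tmp_name'], $upload_dir . $safe_name);
}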
Chacha102
Really ... why is there a downvote?
Chacha102
A: 

Your question is too broad, but I'll give you some pointers:

  • store the images on the disk, something like /uploads/--thread_id--/1.jpg, /uploads/--thread_id--/2.jpg and so on (this way you don't have to make any changes to your DB)

Regarding the upload process, validation and image resizing you can read more at (I recommend you read them in this order):

http://pt.php.net/manual/en/function.exif-imagetype.php -> image validation
http://php.net/manual/en/function.move-uploaded-file.php -> upload process
http://pt.php.net/manual/en/book.image.php -> image resizing & manipulation
Alix Axel
A: 

Chacha's plan sounds good to me, but you have to be careful. Make sure the files that you save don't have any execution permissions and that the file isn't in a web-accessible directory on your server. I think you should put the upload directory in a directory higher than your web directory for security purposes.

Another possible way to save the files: save their binary code in blobs in the database. I'm not sure if there are any advantages to this method, but I haven't personally had to deal with file uploads.

Above all else, be careful with uploaded data!

Evan Kroske
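
The points raised across the answers (content-based image validation with exif_imagetype, move_uploaded_file, no execute permission, storage outside the web root) combined into one handler for multiple attachments. This is an added example, not code from any of the answers; the function name store_attachment(), the form field attachments[] and the path /var/forum_uploads are assumptions, and the exif extension must be enabled.

```php
<?php
// Added example. Assumed names: store_attachment(), form field "attachments[]",
// and the upload directory /var/forum_uploads (outside the web root).

const ALLOWED_TYPES = [
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_GIF  => 'gif',
];

/**
 * Validate one uploaded image and store it under a server-generated name.
 * Returns the stored file name, which is what goes into the database.
 */
function store_attachment(string $tmpName, int $error, string $uploadDir): string
{
    if ($error !== UPLOAD_ERR_OK || !is_uploaded_file($tmpName)) {
        throw new RuntimeException('upload failed or file is not an HTTP upload');
    }

    // Decide the type from the file content, never from the client-supplied name.
    $type = exif_imagetype($tmpName);
    if ($type === false || !array_key_exists($type, ALLOWED_TYPES)) {
        throw new RuntimeException('not an allowed image type');
    }

    // Random server-side name: the client's file name never reaches the file system,
    // so it cannot carry "../" or an executable extension such as ".php".
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$type];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($tmpName, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;
}

// Multiple files arrive as parallel arrays: <input type="file" name="attachments[]" multiple>
$uploadDir = '/var/forum_uploads';
$stored = [];
foreach ($_FILES['attachments']['tmp_name'] ?? [] as $i => $tmpName) {
    try {
        $stored[] = store_attachment($tmpName, $_FILES['attachments']['error'][$i], $uploadDir);
    } catch (RuntimeException $e) {
        error_log('attachment rejected: ' . $e->getMessage());
    }
}
```

A signature check only inspects the first bytes of the file, so a file can pass it and still contain other data; the generated name, the non-executable mode and the location outside the web root are what keep such a file from being run by the web server.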