views:

274

answers:

2

What is the best practices regarding storing files uploaded from users?

Currently, I am during the following method for storing files:

<web_app_root>/course_material/<term_id>/<course_id>/<file_id>

As you can see, the files are stored according to the keys in the database. I thought this was safer, since I wouldn't have to filter filenames and turn unsafe characters into safe characters.

However, I am starting a new project and wanted to know if it was a bad idea to tie a web app's filesystem so closely with a database. Should I store files in a more human readable format?

<web_app_root>/course_material/<term_name_underscored>/<course_name_underscored>/<file_name_underscored>

If so, what are the best ways to filter out filenames to be safe? Or is the way I am currently doing it a best practice?

+1  A: 

I've always just stored the files in a directory with unique GUID based filenames, and mapped the guid to the file in the DB. As long as you're not manually browsing the files and such, this is probably the easiest solution (also gets around invalid chars).

Another option is storing them as BLOBS in the database. I've also done this - but it was to fill a replicated DR scenario, which modern NAS devices should handle.

If you see the need to manually browse the files outside of the app for some reason, then using the long or short name (however you'd like to browse them) would be cleaner.

TheSoftwareJedi
A: 

I suggest you to take then out of the web_app_root.

I like the way you're doing in the first example.

As long as the file directory is out of the htdocs directory, everything should be fine right? I just want to keep everything related to a specific project in its own directory.
rlorenzo
Indeed talking about security. But a separated disc is the better solution imho.