views:

234

answers:

2

I am allowing users of the admin panel of my website to upload photos. It's a simple process where I check the validity of the image and then save it to a folder; then I also have to record a couple of database records for that image to be able to retrieve it later. My saving function is as follows... The function that uploads and saves the picture in the folder with a name I construct in another function:

My_HTMLInputFile.PostedFile.SaveAs(HttpContext.Current.Server.MapPath("~/photos\" & pta.FileName))

And the function that creates the database record for that same picture:

Public Function InsertPhoto() As Integer
    Dim pta As New GKPTableAdapters.tblPhotosTableAdapter
    Return pta.InsertPhoto(PhotoCaption, PhotoDescription, ("http://www.myURL.com/photos/" & FileName), IsDefault, IsPicture)
End Function

Now I know that what I am doing is full of best-practice violations, so please point me to what I should do. Keep in mind that the users might delete the pictures later, so I want to make sure that I can delete the database record and the file of the picture, and the whole issue of the path is confusing me :P

Thanks in advance.

+1  A: 

Something I've noticed right off the bat is that you are hardcoding the FULL PATH to the image.

I'd just store the image name, and then prepend the relative path when I display it in the application.

If you allow your users to delete the files via your application, you should delete the record in the database, and then delete the file itself by using the File.Delete method.

roman m
A: 

You may also want to look at your file name generation. If you use an md5 hash of the image data as the file name, for example, you can prevent people from uploading duplicate images and you also don't have to think of a way to generate "unique" names for the images.

Exposing your photos directory directly to the internet may be a bad idea if there are images in there that the public should not see and your naming policy is predictable. People will start guessing image URLs and stumble upon something they are not allowed to see.

Gerco Dries
Actually all images are available to the public, so no worries there, and my naming function simply takes the date, time and second, then the reversed name of the file, then appends the extension to it, so no duplicates..
Maen
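Putting both answers together, as an added example that is not code from the question or from either answer: the database keeps only a content-hash file name (SHA-256 here, an assumption in place of the MD5 mentioned above, giving the same duplicate check), the display page prepends the relative path itself, every disk path is built under the photos folder with a containment check, and a delete removes the record before the file. It assumes the asker's GKPTableAdapters.tblPhotosTableAdapter has a DeletePhoto(id) method, which is hypothetical.

```vb
Imports System.IO
Imports System.Security.Cryptography
Imports System.Web

Public Class PhotoStore
    ' Extensions accepted; the image content itself is checked elsewhere.
    Private Shared ReadOnly Allowed As String() = {".jpg", ".jpeg", ".png", ".gif"}
    ' Saves the upload and returns the bare file name to store in tblPhotos
    ' (no URL, no folder): the display page prepends "~/photos/" itself.
    Public Shared Function SavePhoto(posted As HttpPostedFile) As String
        Dim ext As String = Path.GetExtension(posted.FileName).ToLowerInvariant()
        If Array.IndexOf(Allowed, ext) < 0 Then
            Throw New InvalidDataException("Unsupported image type")
        End If
        ' Name = hex SHA-256 of the bytes (assumption: SHA-256 instead of the
        ' MD5 suggested above): not guessable, and a duplicate upload yields
        ' the same name, so it is simply not written a second time.
        Dim digest As Byte()
        Using sha As SHA256 = SHA256.Create()
            digest = sha.ComputeHash(posted.InputStream)
        End Using
        posted.InputStream.Position = 0
        Dim name As String = BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant() & ext
        Dim target As String = SafePath(name)
        If Not File.Exists(target) Then posted.SaveAs(target)
        Return name
    End Function

    ' Deletes the database row first, then the file (roman m's order).
    ' DeletePhoto(id) on the table adapter is an assumed method.
    Public Shared Sub DeletePhoto(photoId As Integer, name As String)
        Dim pta As New GKPTableAdapters.tblPhotosTableAdapter
        pta.DeletePhoto(photoId)
        Dim target As String = SafePath(name)
        If File.Exists(target) Then File.Delete(target)
    End Sub

    ' Maps a stored name to its on-disk path and refuses any name that
    ' resolves outside the photos folder (for example one containing "..\").
    Private Shared Function SafePath(name As String) As String
        Dim root As String = HttpContext.Current.Server.MapPath("~/photos/")
        If Not root.EndsWith(Path.DirectorySeparatorChar.ToString()) Then root &= Path.DirectorySeparatorChar
        Dim full As String = Path.GetFullPath(Path.Combine(root, name))
        If Not full.StartsWith(root, StringComparison.OrdinalIgnoreCase) Then
            Throw New UnauthorizedAccessException("Invalid photo name")
        End If
        Return full
    End Function
End Class
```

On the page that shows the image, the stored name is turned back into a URL with ResolveUrl("~/photos/" & name), so moving the folder or the site's domain later only changes that one line.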