  1. #1
    Join Date
    Nov 2005
    Location
    USA
    Posts
    884

    * save pdf files into mysql!!! is that possible

    Can you save PDF files into MySQL!!! Is that possible?
    Is this secure? Is it better than having an fread from a non-accessible file location to retrieve files from?
    GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAN, or even across the internet - Many customer call it RSync for Windows

  2. #2
    Join Date
    Aug 2005
    Location
    UK
    Posts
    654
    It's very possible, you could use a BLOB data type. It's not a good idea though, performance would be terrible.

    It would be better to store the path to a file in the MySQL table and have PHP read and output that file. Even better, you could make a Rewrite map file and have PHP add and remove entries; that is really only worth it if you have a lot of traffic on these files though.

  3. #3
    Join Date
    Mar 2006
    Posts
    984
    By storing its filename into your MySQL database table name, it should be secured enough to retrieve it when needed. However, if you're looking to retrieve your PDF filename under a secured method, I'd recommend masking your dir names under queries. The only disadvantage is that it's using a little bit more PHP resources. Although, it does save you lots of trouble.

  4. #4
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,422
    Storing PDF files in a database is possible, but I wouldn't unless you have a very good reason to do so. Merely asking the question suggests you do not.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  5. #5
    Join Date
    Nov 2005
    Location
    USA
    Posts
    884
    Thank you all.... So I think this is what I will do:
    1) save the files away from the public html.
    2) save the location to the files in MySQL
    3) PHP will get the file location and read it.
    (this is secure, correct?)

  6. #6
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,422
    Yes, that's a secure APPROACH.

    But whether the end result is secure depends on your IMPLEMENTATION.

    Be particularly careful about how you deal with path names, particularly if user input is used to construct them in any way. You don't want to open up the possibility for a malicious user to add, for example, something like this '../../../' into a path, or '/etc/passwd;'.

    Just keep security in mind when designing your system and coding it.

  7. #7
    Join Date
    Nov 2005
    Location
    USA
    Posts
    884
    the links will be provided to the user..... the user will have no input as far as file locations.... the only input is username and password

  8. #8
    Join Date
    Aug 2005
    Location
    UK
    Posts
    654
    Quote Originally Posted by ITAhmed
    the links will be provided to the user..... the user will have no input as far as file locations.... the only input is username and password
    You have to bear in mind that any user/client does not have to use your forms/html. They could just make requests for anything. You need to do server side validation. This is why a lot of "contact us" forms end up spamming random people.

  9. #9
    Join Date
    Nov 2005
    Location
    USA
    Posts
    884
    MySQL would not be exposed to the internet... only the webserver has access to it

  10. #10
    Join Date
    Aug 2005
    Location
    UK
    Posts
    654
    I didn't mean people could connect to your database. What I meant was if the links you make are like https://yourdoamin/getfile.php?id=Bob'sfile.

    Anyone could request that URL, whether you told them the URL or not. Your getfile.php needs to validate requests as well as the PHP file that generates these links.

    You have to think about every possibility with systems like these.

  11. #11
    Join Date
    Nov 2005
    Location
    USA
    Posts
    884
    Oh I see.... I have found a better way.... I was going to have pre-select buttons that would do a POST call as opposed to a GET action. That would be safer.... you agree?

  12. #12
    Join Date
    Aug 2005
    Location
    UK
    Posts
    654
    As long as all the scripts validate the client's identity then either method would be safe. Without that step your method would still be "unsafe".
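
The checks raised in posts #6, #10 and #12, put together in one download script. This is an added example, not code from any poster in the thread; the `files(id, owner_id, path)` table, the `user_id` session key, the storage directory and the database DSN are all assumptions.

```php
<?php
// getfile.php (added example; table, column, session and path names are assumptions)
declare(strict_types=1);

const STORAGE_DIR = '/var/app-files/pdf';   // assumed directory outside the public html root

/** Return the real path this user may download, or null if the request must be refused. */
function resolve_download(PDO $db, int $userId, string $rawId, string $baseDir): ?string
{
    // 1. The id comes from the client and can be anything: accept only plain digits.
    if (!ctype_digit($rawId)) {
        return null;
    }
    // 2. Look the file up by id AND owner, so a guessed id for another user's file finds nothing.
    $stmt = $db->prepare('SELECT path FROM files WHERE id = ? AND owner_id = ?');
    $stmt->execute([(int)$rawId, $userId]);
    $relPath = $stmt->fetchColumn();
    if ($relPath === false) {
        return null;
    }
    // 3. Defence in depth: canonicalise the stored path and confirm it is still
    //    inside the storage directory (rejects '../' sequences and absolute paths).
    $base = realpath($baseDir);
    $real = realpath($baseDir . '/' . $relPath);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

if (PHP_SAPI !== 'cli') {                       // request handling; skipped on the command line
    session_start();
    if (!isset($_SESSION['user_id'])) {         // identity is checked here, not only on the link page
        http_response_code(403);
        exit;
    }
    $rawId = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';
    $db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'placeholder-password'); // assumed DSN
    $file = resolve_download($db, (int)$_SESSION['user_id'], $rawId, STORAGE_DIR);
    if ($file === null) {
        http_response_code(404);                // same answer for "missing" and "not yours"
        exit;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="document.pdf"');
    header('Content-Length: ' . filesize($file));
    readfile($file);
}
```

Reading the id from `$_POST` rather than `$_GET` changes nothing about these checks; the session check and the owner match in the query are what restrict access.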

  13. #13
    Join Date
    Nov 2005
    Location
    USA
    Posts
    884
    Certainly. Identity checked on all pages.
