mike cardeiro wrote:
From: André Warnier <a...@ice-sa.com>
>
Now, as long as we're there, what happens in your application if two people
upload a file with the same file name ?
When the upload happens the script makes an entry in a mysql table with
the file name, mime type and other info; the table has an autoincremented id
field as the primary key. the script names the uploaded file this id value so every file in the
directory is named the id field of their entry in the database so they
will all be unigue.
Very good. And by the same mechanism, you are already avoiding the problem with all the
silly (and sometimes dangerous) names that people can give to their files.
And I am sure that you also filter these oroginal filenames before writing them to your
database, right ? Not that people would be able to upload files with names that contain
silly characters like <,>,|,;,&,?,spaces, and all these kinds of things.
So if your files in the filesystem only have an unique-id as a name, then you also have a
download script, and this download script can also show the users a nice page with the
list of files that they can download, right ? and the links that are shown are each in
turn a call to your download script, to download the file that they choose, right ?
And another question : how many files maximum can end up being stored in that
upload/download directory ?
