Re: [PHP] asking comment
On Wed, March 30, 2005 5:44 am, William Stokes said: I got a bit frustrated with image upload stuff with different image name problems. So I created a system that gives the uploaded imaged a random numeric name between 1-10 000 000 and saves the file to a server folder and the image name to mysql DB. Given the sort of race conditions and problems brought up here, it occurs to me that *MAYBE* http://php.net/mkdir would help, as I believe it's atomic, and will either succeed or fail. You are then creating a unique directory name for each image, and you put the image inside that directory. That may be even more problematic than using the SQL, however... Still, worth pondering, I think. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] asking comment
Hello, I got a bit frustrated with image upload stuff with different image name problems. So I created a system that gives the uploaded imaged a random numeric name between 1-10 000 000 and saves the file to a server folder and the image name to mysql DB. Is there a so sort of a problem here that I am not thinking of? I only can imagine problem that the rand() gives the same value twice. But I cant see this as a major problem because there would be maybe not more than 1000 uploaded pictures. So the chance is at worst something like 1:10 000 that same name is created to the image. Anyway if same name is created what's the best way to check that? I was thinking of putting the image name field in DB as a unique field. That would do it? Right? Thanks again -Will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] asking comment
Hello William, Wednesday, March 30, 2005, 1:44:01 PM, you wrote: WS Is there a so sort of a problem here that I am not thinking of? I WS only can imagine problem that the rand() gives the same value WS twice. But I cant see this as a major problem because there would WS be maybe not more than 1000 uploaded pictures. So the chance is at WS worst something like 1:10 000 that same name is created to the WS image. Actually that's only true of the very first image you upload. For every image uploaded there-after your odds get worse and worse for a conflict happening. If you really must use this method please at least do a file_exists() check first to make sure your random number hasn't been used. WS Anyway if same name is created what's the best way to check that? Depends how you are storing it - if it's in a database then check to see if that ID is used. If just a plain file, use file_exists. WS I was thinking of putting the image name field in DB as a unique WS field. That would do it? Right? Yes it would ensure the filename was unique, but unless you actually need it in a database it's probably not worth the effort. Just check for the actual file itself. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] asking comment
use a SQL statement to check if that number exists if not then its fine if it does then generate another no and check again, until there is a unique number generated. hope this helps angelo William Stokes wrote: Hello, I got a bit frustrated with image upload stuff with different image name problems. So I created a system that gives the uploaded imaged a random numeric name between 1-10 000 000 and saves the file to a server folder and the image name to mysql DB. Is there a so sort of a problem here that I am not thinking of? I only can imagine problem that the rand() gives the same value twice. But I cant see this as a major problem because there would be maybe not more than 1000 uploaded pictures. So the chance is at worst something like 1:10 000 that same name is created to the image. Anyway if same name is created what's the best way to check that? I was thinking of putting the image name field in DB as a unique field. That would do it? Right? Thanks again -Will -- Angelo Zanetti Z Logic [c] +27 72 441 3355 [t] +27 21 464 1363 [f] +27 21 464 1371 www.zlogic.co.za -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] asking comment
Instead of generating filenames with random numbers, why not take a timestamp and use this as filenames? /frank 2005-03-30 kl. 14.44 skrev William Stokes: Hello, I got a bit frustrated with image upload stuff with different image name problems. So I created a system that gives the uploaded imaged a random numeric name between 1-10 000 000 and saves the file to a server folder and the image name to mysql DB. Is there a so sort of a problem here that I am not thinking of? I only can imagine problem that the rand() gives the same value twice. But I cant see this as a major problem because there would be maybe not more than 1000 uploaded pictures. So the chance is at worst something like 1:10 000 that same name is created to the image. Anyway if same name is created what's the best way to check that? I was thinking of putting the image name field in DB as a unique field. That would do it? Right? Thanks again -Will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] asking comment
I got a bit frustrated with image upload stuff with different image name problems. So I created a system that gives the uploaded imaged a random numeric name between 1-10 000 000 and saves the file to a server folder and the image name to mysql DB. Is there a so sort of a problem here that I am not thinking of? I only can imagine problem that the rand() gives the same value twice. But I cant see this as a major problem because there would be maybe not more than 1000 uploaded pictures. So the chance is at worst something like 1:10 000 that same name is created to the image. Anyway if same name is created what's the best way to check that? I was thinking of putting the image name field in DB as a unique field. That would do it? Right? Append a datetime to the filenames, or use a folder per date? If want to create a unique filename, and are using PHP4.3.2 or better, use fopen() with the 'x' or 'x+' mode, rather than file_exists(). Something like the function below, The filename parameter is passed by reference, so you can retrieve the filename the function actually created. Returns a FALSE, or a standard file handle which can fwrite() etc. function createFileWithUniqueName($filename) { $f = @fopen($filename, 'x'); if ($f === FALSE) { $pathInfo = pathinfo($filename); $dirname = $pathInfo['dirname']; $basename = $pathInfo['basename']; $extension = $pathInfo['extension']; if (!empty($dirname)) $dirname .= DIRECTORY_SEPARATOR; if (!empty($extension)) { $extension = '.'.$extension; $basename = substr($basename, 0, -strlen($extension)); // Remove extension from basename } $prefix = $dirname.$basename.'_'; /* Keep trying to create new files ... The $n 100 is just to prevent any extreme situations happening */ for ($n = 1; $f === FALSE $n 100; ++$n) { $name = $prefix.$n.$extension; $f = @fopen($name, 'x'); } if ($f !== FALSE) $filename = $name; } return $f; } $basename = 'test.txt'; $n = $basename; $f = createFileWithUniqueName($n); if ($f !== FALSE) { fwrite($f, 'test '.$n); fclose($f); } $n = $basename; $f = createFileWithUniqueName($n); if ($f !== FALSE) { fwrite($f, 'test '.$n); fclose($f); } Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] asking comment
Hello Jared, Wednesday, March 30, 2005, 4:16:31 PM, you wrote: JW If want to create a unique filename, and are using PHP4.3.2 JW or better, use fopen() with the 'x' or 'x+' mode, rather than JW file_exists(). If you're happy with your scripts generating E_WARNING's all over the place then yes. Personally, I'm not. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] asking comment
JW If want to create a unique filename, and are using PHP4.3.2 or JW better, use fopen() with the 'x' or 'x+' mode, rather than JW file_exists(). If you're happy with your scripts generating E_WARNING's all over the place then yes. Personally, I'm not. Use @ to surpress them. You cannot guarentee the filename you think doesn't exist with the file_exists() doesn't exist when you eventually fopen() it, otherwise. This problem falls into a category called Race conditions. http://en.wikipedia.org/wiki/Race_condition and http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html. Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] asking comment
Hello Jared, Wednesday, March 30, 2005, 4:51:01 PM, you wrote: If you're happy with your scripts generating E_WARNING's all over the place then yes. Personally, I'm not. JW You cannot guarentee the filename you think doesn't exist with the JW file_exists() doesn't exist when you eventually fopen() it, JW otherwise. Using the original posters method, I agree. But there are plenty of ways around this without forcing a warning to occur (or having to suppress one), that avoids any sort of race condition. It's just the way the OP is doing it is IMHO messy to begin with, but was obviously a solution born out of frustration. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[2]: [PHP] asking comment
JW You cannot guarentee the filename you think doesn't exist with the JW file_exists() doesn't exist when you eventually fopen() it, JW otherwise. Using the original posters method, I agree. But there are plenty of ways around this without forcing a warning to occur (or having to suppress one), that avoids any sort of race condition. It's just the way the OP is doing it is IMHO messy to begin with, but was obviously a solution born out of frustration. If you think you have another method please elaborate. Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[4]: [PHP] asking comment
Hello Jared, Wednesday, March 30, 2005, 6:27:14 PM, you wrote: JW If you think you have another method please elaborate. Sure, at the base level the issue is simply the uniqueness of the filename. So there are several options open in this regard. Either use an md5'd uniqid rand combination (as on the uniqid manual page) and just go with that, operating under the assumption that the chances of a conflicting hash are remote at best. Or another method (which the OP touched upon) would be using some SQL space and simply getting the next available ID back and using it as the filename. There are no race conditions here, the ID you will get is unique to that session. Assuming the site was correctly set-up you wouldn't then even need to check the file exists, just move_uploaded_file on it. But for the overly paranoid you could do and if a file does exist, get another ID. While it involves DB overhead it ensures relatively bullet-proof uniqueness and no warning generation / suppression. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[4]: [PHP] asking comment
Sure, at the base level the issue is simply the uniqueness of the filename. So there are several options open in this regard. Either use an md5'd uniqid rand combination (as on the uniqid manual page) and just go with that, operating under the assumption that the chances of a conflicting hash are remote at best. Or another method (which the OP touched upon) would be using some SQL space and simply getting the next available ID back and using it as the filename. There are no race conditions here, the ID you will get is unique to that session. Assuming the site was correctly set-up you wouldn't then even need to check the file exists, just move_uploaded_file on it. But for the overly paranoid you could do and if a file does exist, get another ID. While it involves DB overhead it ensures relatively bullet-proof uniqueness and no warning generation / suppression. I'll take absolutely bullet-proof and handled/supressed warnings, over relatively bullet-proof. Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[6]: [PHP] asking comment
Hello Jared, Wednesday, March 30, 2005, 7:02:58 PM, you wrote: JW I'll take absolutely bullet-proof and handled/supressed warnings, JW over relatively bullet-proof. That would be fine if your previous solution was absolutely bullet-proof, or for that matter provided a solution for the original problem of renaming uploaded files and keeping them unique. Appending a datetime to a file, or using a loop that hopes you get a unique name within 100 iterations is wildly far from bullet proof in just about every respect. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[6]: [PHP] asking comment
How about a filename based upon a user id and the time the file was uploaded. Unless you have multiple instances of the same user then it will not be possible for the same user to upload a file at exactly the same time as himself. Just a thought... Mikey -Original Message- From: Richard Davey [mailto:[EMAIL PROTECTED] Sent: 30 March 2005 19:19 To: php-general@lists.php.net Subject: Re[6]: [PHP] asking comment Hello Jared, Wednesday, March 30, 2005, 7:02:58 PM, you wrote: JW I'll take absolutely bullet-proof and handled/supressed warnings, JW over relatively bullet-proof. That would be fine if your previous solution was absolutely bullet-proof, or for that matter provided a solution for the original problem of renaming uploaded files and keeping them unique. Appending a datetime to a file, or using a loop that hopes you get a unique name within 100 iterations is wildly far from bullet proof in just about every respect. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[6]: [PHP] asking comment
I agree with this solution, though it only effects the OP if he is using a login system of sorts. Martin Austin Mikey [EMAIL PROTECTED] 03/30/2005 12:39 PM Please respond to frak To: php-general@lists.php.net cc: Subject:RE: Re[6]: [PHP] asking comment How about a filename based upon a user id and the time the file was uploaded. Unless you have multiple instances of the same user then it will not be possible for the same user to upload a file at exactly the same time as himself. Just a thought... Mikey -Original Message- From: Richard Davey [mailto:[EMAIL PROTECTED] Sent: 30 March 2005 19:19 To: php-general@lists.php.net Subject: Re[6]: [PHP] asking comment Hello Jared, Wednesday, March 30, 2005, 7:02:58 PM, you wrote: JW I'll take absolutely bullet-proof and handled/supressed warnings, JW over relatively bullet-proof. That would be fine if your previous solution was absolutely bullet-proof, or for that matter provided a solution for the original problem of renaming uploaded files and keeping them unique. Appending a datetime to a file, or using a loop that hopes you get a unique name within 100 iterations is wildly far from bullet proof in just about every respect. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[6]: [PHP] asking comment
JW I'll take absolutely bullet-proof and handled/supressed warnings, JW over relatively bullet-proof. That would be fine if your previous solution was absolutely bullet-proof, or for that matter provided a solution for the original problem of renaming uploaded files and keeping them unique. Appending a datetime to a file, or using a loop that hopes you get a unique name within 100 iterations is wildly far from bullet proof in just about every respect. Oh and generating random filenames from md5(), crossing your fingers and hoping you've got a unique filename is better? Or assume that files don't already exist in the directory? You are going against convential wisdom about ensuring unique filenames. Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php