best way to upload and rename an image
#11

[eluser]llbbl[/eluser]
Quote:1) upload to your server’s temp directory (so you won’t have to delete this source image later)
2) get the image info that you want to insert into your database from $this->upload->data();
3) insert that data into your database, then if you are using auto-increment, you can get the unique id using $this->db->insert_id();
4) copy/resize your image to the directory of your choice using the upload data ‘full_path’ as your ‘source_image’ and add the unique id from the database as the new image name (or at least part of it, appending any constant you like to the name). Example: uploads/img_1.jpg, uploads/img_1_thumb.jpg, etc.

look I didn't think you explained it well. it's nothing personal, calm down dood. security should always be a top concern, or are you in the habit of giving bad advice? if it's outside the web root then say it. jared's code is not outside the web root. I suggest that in the future you refer people who want to do file uploading to the pdf. It is easier than trying to explain it yourself.
#12

[eluser]FuzzyJared[/eluser]
lol I really didn't mean to set off a fire here.

The difference is that if I upload an image of the same name during my process, it appends a number (1 as the example) to the end of the file name, so image.jpg uploaded again would produce image1.jpg on the server. What I did not realize is that upon doing that, it would also provide me with image1.jpg as the name of the file instead of just image.jpg, which is the name of the local file that I am uploading. The major concern with this problem is that I didn't want the admin to overwrite product images accidentally.

And yes, if this were files being uploaded via non admins I would do a lot more to ensure that the files were not executable via url. And I do appreciate the PDF linked.
#13

[eluser]Rick Jolly[/eluser]
[quote author="llbbl" date="1193192203"]
Quote:1) upload to your server’s temp directory (so you won’t have to delete this source image later)
2) get the image info that you want to insert into your database from $this->upload->data();
3) insert that data into your database, then if you are using auto-increment, you can get the unique id using $this->db->insert_id();
4) copy/resize your image to the directory of your choice using the upload data ‘full_path’ as your ‘source_image’ and add the unique id from the database as the new image name (or at least part of it, appending any constant you like to the name). Example: uploads/img_1.jpg, uploads/img_1_thumb.jpg, etc.

look I didn't think you explained it well. it's nothing personal, calm down dood. security should always be a top concern, or are you in the habit of giving bad advice? if it's outside the web root then say it. jared's code is not outside the web root. I suggest that in the future you refer people who want to do file uploading to the pdf. It is easier than trying to explain it yourself.[/quote]

Ok, how would you expect me to respond to this:
Quote:how rick jolly suggests to do it, is a bad idea.
when there is absolutely nothing insecure with my advice. Zero.

You assumed that "uploads/" was in the web root without justification. I assume that you are a hairy beast. Oh, and it's nothing personal, calm down dood.
#14

[eluser]llbbl[/eluser]
[quote author="FuzzyJared" date="1193192972"]lol I really didn't mean to set off a fire here.

The difference is that if I upload an image of the same name during my process, it appends a number (1 as the example) to the end of the file name, so image.jpg uploaded again would produce image1.jpg on the server. What I did not realize is that upon doing that, it would also provide me with image1.jpg as the name of the file instead of just image.jpg, which is the name of the local file that I am uploading. The major concern with this problem is that I didn't want the admin to overwrite product images accidentally.

And yes, if this were files being uploaded via non admins I would do a lot more to ensure that the files were not executable via url. And I do appreciate the PDF linked.[/quote]

Even with admin-only uploads it's still a good thing to do it outside the web root or have a separate subdomain for uploads. Admin accounts can get hacked, esp. if you have more than a handful of accounts the risk goes up. If you _have_ to have it web accessible, on a subdomain or whatever, stop hotlinking with httpd.conf or .htaccess.

If the only thing you do is add one number, I would just leave the file name the same. Keeping track of everything in the database is always advisable. I am a fan of what they do in the pdf (also what flickr does) and rename the entire image using random numbers and/or hashes.
#15

[eluser]Référencement Google[/eluser]
Just one question (out of your fight)
Can we conclude from reading your discussion that the CI upload class is secure enough if we use it as the user guide says?
#16

[eluser]llbbl[/eluser]
[quote author="elitemedia" date="1193262546"]Just one question (out of your fight)
Can we conclude from reading your discussion that the CI upload class is secure enough if we use it as the user guide says?[/quote]

It needs work; as it stands, most people who implement it will do it insecurely. I need to look at the class again to see if it is using GD to verify that image data is being uploaded.

Areas of improvement:

1) the addition of database code to store the randomly generated file names in a database

2) a file viewing class that reads the file names from the database and then displays the image data

3) an in-depth explanation of how to configure a subdomain with php and cgi disabled

4) an in-depth explanation of the two choices you have for secure file uploading.
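
The measures raised in posts #14 and #16 (verify with GD that image data was uploaded, rename the file to a random name that is kept in the database, and serve it through a viewer that only resolves stored names), as an added example that is not code from any poster or from CodeIgniter. The function names `store_image` and `stored_path` and the storage directory are hypothetical; in a CodeIgniter controller the temp path would come from the 'full_path' entry of $this->upload->data().

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with the GD extension.
const ALLOWED = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

// Check that the temp file really is an image, re-encode it with GD and store it
// under a random name. Returns the name to record in the database, or null.
function store_image(string $tmpPath, string $storeDir): ?string
{
    $info = @getimagesize($tmpPath);   // parses the file header; client name and MIME type are ignored
    if ($info === false || !array_key_exists($info[2], ALLOWED)) {
        return null;
    }
    $img = @imagecreatefromstring(file_get_contents($tmpPath)); // full decode
    if ($img === false) {
        return null;
    }
    imagesavealpha($img, true);        // keep PNG transparency
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$info[2]];
    $dest = $storeDir . DIRECTORY_SEPARATOR . $name;
    switch ($info[2]) {                // writing from the decoded bitmap drops any non-image bytes
        case IMAGETYPE_JPEG: $ok = imagejpeg($img, $dest, 90); break;
        case IMAGETYPE_PNG:  $ok = imagepng($img, $dest); break;
        default:             $ok = imagegif($img, $dest);
    }
    return $ok ? $name : null;
}

// Map a name read from the database to a file, accepting only names in the format above.
function stored_path(string $name, string $storeDir): ?string
{
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png|gif)\z/', $name)) {
        return null;
    }
    $path = $storeDir . DIRECTORY_SEPARATOR . $name;
    return is_file($path) ? $path : null;
}

// Constructed sample input: a real 2x2 PNG and a PHP script posing as an image.
$storeDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'img_store_' . bin2hex(random_bytes(4));
mkdir($storeDir, 0700);            // stands in for a directory outside the web root
$good = tempnam(sys_get_temp_dir(), 'up');
imagepng(imagecreatetruecolor(2, 2), $good);
$bad = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($bad, "<?php echo 'not an image';");

$stored = store_image($good, $storeDir);
var_dump($stored, stored_path((string) $stored, $storeDir));
var_dump(store_image($bad, $storeDir));
var_dump(stored_path('../../etc/passwd', $storeDir));
```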
#17

[eluser]E1M2[/eluser]
Made a post on this:
http://ellislab.com/forums/viewthread/63489/
#18

[eluser]FuzzyJared[/eluser]
I don't like putting images into BLOB fields of databases. The main reason is you will often have data limitations within hosting providers that would become tiresome through the life of a site. The second reason is out of ignorance on my own part. I have not tested or researched testing on how images served from db's compare to images being served as files from your site. It has been my practice in the past to reduce the db load and not increase it. But again my preference could be greatly influenced by my admitted ignorance.
#19

[eluser]llbbl[/eluser]
The main reason I think it is bad practice is because backing up the database with some regularity (much more often than the file structure) is always a good thing. If you have the images in the database then it makes these backups harder to do.
#20

[eluser]Unknown[/eluser]
I would turn this proposition around: Best way to rename and upload pictures. When pictures already have a descriptive (unique) name, there is little to worry about when it comes to uploading. Renaming pictures on your desktop is still seen as a painful and tedious task. It does not have to be like that anymore when you use PictureRetitle. Sheer happiness for picture uploaders.



