How to securely upload and store user documents?

HOw can I allow users to upload to our servers files which then can be stored开发者_如何学C securely and that can be accessed by the users who uploaded them?

Where do i store them, in databases? or in folders on the website? And if i do use folders? how can i let people who own them to see it rather than anybody else?

I am new to the storage area, so please bare for any stupid questions.

Thanks.

Files are files and not textual data that you need to search across or use aggregate functions upon in a database. The operating systems file system was written specifically to handle the fast serving and searching of files. So I would not put them in the database, but on the file system.

To secure them you can place them in a folder with a .htaccess file prohibiting access or place them outside the document_root. You then write a simple PHP script to server the files back to the user if they have permission to view it.

Files uploaded using <input type='file' /> arrive at the destination PHP script in the $_FILES superglobal array. (Documentation)

It's often best to store them in a binary BLOB column in the database, where you can easily associate them with a user id, protecting them from download by unauthorized users. They are often stored along with columns containing the file's MIME type and size in bytes.

To deliver the files back to the user in the browser, you can send the appropriate content-type header from PHP:

// the mimetype
header("Content-type: application/whatever");
header("Content-length: $length-in-bytes");

// echo the file out to the browser
echo $file;
exit();