PHP:存储文件位置...如果被覆盖怎么办?
我目前正在使用 Zend Framework 并有一个上传文件表单。经过身份验证的用户能够上传文件,该文件将存储在应用程序的目录中,并且位置存储在数据库中。这样它就可以显示为可以下载的文件。
<a href="/upload-location/filename.pdf">Download</a>
但我注意到,具有相同名称的文件将覆盖上传目录中的文件。没有错误消息,文件名也没有增加。所以我认为该文件必须被覆盖(或从未上传)。
上传、移动或存储这些文件时我应该注意哪些最佳实践?我是否应该始终重命名文件以使文件名始终唯一?
I am currently using the Zend Framework and have an upload file form. An authenticated user has the ability to upload a file, which will be stored in a directory in the application, and the location stored in the database. That way it can be displayed as a file that can be downloaded.
<a href="/upload-location/filename.pdf">Download</a>
But something I am noticing is that a file with the same name will overwrite a file in the uploads directory. There is no error message, nor does the filename increment. So I think the file must be overwritten (or never uploaded).
What are some best practices I should be aware of when uploading, moving, or storing these files? Should I always be renaming the files so that the filename is always unique?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
通常,我们不会使用用户指定的名称来存储文件,而是使用我们(即我们的应用程序)选择的名称。
例如,如果用户上传
my_file.pdf,我们将:id;自动增量,主键 - 例如“123”application/pdf或类似的内容。file-123例如id=123的文件时,我们知道应该获取哪个物理文件 ('文件-' . $id)并发送。,顺便说一句,这样,我们确保:
Generally, we don't store files with the name given by the user, but using a name that we (i.e. our application) chosse.
For instance, if a user uploads
my_file.pdf, we would :id; an autoincrement, the primary key -- "123", for instanceapplication/pdfor something like that, for instance.file-123for instanceid=123, we know which physical file should be fetched ('file-' . $id) and sent.This way, we make sure :
继续帕斯卡·马丁的回答:
如果使用 id 作为名称,您还可以提出目录命名策略。我从文件系统获取
/somedir/part1ofID/part2OfID的时间不会比/somedir/theWholeID更长,但它可以让您选择在同一目录中存储多少个文件如何拆分 ID 以形成路径和文件名。下一个好处是,用于实际将文件输出给用户的脚本可以选择用户是否有权查看该文件。这当然要求文件存储在默认情况下每个人都无法读取的地方。
您可能还想看看这个其他问题。不完全相关,但值得注意。
Continuing on Pascal MARTIN's answer:
If using an id as name you can also come up with a directory naming strategy. I takes no longer to get
/somedir/part1ofID/part2OfIDfrom the filesystem than/somedir/theWholeIDbut it will let you choose how many files are stored in the same directory from how you split the ID to form the path and file name.The next good thing is that the script that you use to actually output the file to the user can choose if the user is authorized to see the file or not. This of course requires the files to be stored somewhere not readable by everyone by default.
You may also want to look at this other question. Not totally related, but good to be aware of.
是的,您需要想出一种方法来独特地命名它们。我见过各种不同的策略,从基于原始文件名的哈希、数据库记录的 pk 和上传时间戳,到某种类型的 slugging,同样基于数据库记录中附加的各种字段或相关记录。
Yes you need to come up with a way to name them uniquely. Ive seen all kinds of different strategies for this ranging from a hash base on the orignal filename, pk of the db record and upload timestamp, to some type of slugging, again based on varous fields in the db record its attached to or related records.