[FX.php List] Container fields: Uploading to, and protecting

Dale Bengston dbengston at preservationstudio.com
Sun Oct 29 08:41:30 MST 2006 

Hi Ed,

Unless you need access to the PDFs in container fields from FMP  
client-server, I would not put the PDFs in container fields. It's  
simpler and faster to store them in directories on your server drive  
and use your FMP tables to store a reference to where they are. When  
you retrieve data from FMP, FX writes out the link to the proper PDF  
stored in the server's file system.

Hope this helps,
Dale

On Oct 28, 2006, at 5:31 PM, Edward L. Ford wrote:

> Hello,
> My database has a container field that is meant to hold a PDF file  
> (and only PDF files).  I have severa concerns and questions about  
> this, which I'm hoping this list can help me with.
>
> 1) Adding new PDF to the database
> When making a new record with the PHP interface to the database,  
> users should be able to upload a PDF file from their machine so its  
> added to the container field.  How do I handle an uploaded file  
> with PHP and FX so it gets added to the container field?
>
> 2) (not really FX related) How do I ensure the file added is  
> actually a PDF (and not a DOC, or JPG file)?  I know this should be  
> at the server level, but I'm not sure how.
>
> 3) Protecting the database and the database server
> Looking at the XML output for a test record I have, the value for  
> the container field's data looks like:
> /fmi/xml/cnt/data.cnt?-db=GigBoard.fp7&-lay=WebGigDetails&- 
> recid=29&-field=FilePDF(1)
>
> When browsing records through the PHP interface, users should be  
> able to download the PDF file.  As I see it, I'd have to give a  
> direct link to the file on the database server, i.e.
> http://<server>/fmi/xml/cnt/data.cnt?-db=GigBoard.fp7&- 
> lay=WebGigDetails&-recid=29&-field=FilePDF(1)
>
> I have a security concern: about this: Since my PHP and FM servers  
> are different machines, the end user really has no idea what the  
> address of the FM server is.  With the PDF file as a basic link,  
> they get to see the server's address.
>
> In the FX example, there's a file called image_proxy.php that  
> appears to be used to hide the server URL, as well as the user and  
> password needed to get the image file.  I'd like to implement a  
> similar file to protect access to my PDF files, but I'm unsure how  
> to modify the example to match my situation.
>
> Thoughts and suggestions are appreciated,
> --Ed Ford
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20061029/feac8730/attachment.html

More information about the FX.php_List mailing list