Best practices for storing uploaded files in filesystem

Question

What is the best practices regarding storing files uploaded from users?

Currently, I am during the following method for storing files:

<web_app_root>/course_material/<term_id>/<course_id>/<file_id>

As you can see, the files are stored according to the keys in the database. I thought this was safer, since I wouldn't have to filter filenames and turn unsafe characters into safe characters.

However, I am starting a new project and wanted to know if it was a bad idea to tie a web app's filesystem so closely with a database. Should I store files in a more human readable format?

<web_app_root>/course_material/<term_name_underscored>/<course_name_underscored>/<file_name_underscored>

If so, what are the best ways to filter out filenames to be safe? Or is the way I am currently doing it a best practice?

Answer 1

I've always just stored the files in a directory with unique GUID based filenames, and mapped the guid to the file in the DB. As long as you're not manually browsing the files and such, this is probably the easiest solution (also gets around invalid chars).

Another option is storing them as BLOBS in the database. I've also done this - but it was to fill a replicated DR scenario, which modern NAS devices should handle.

If you see the need to manually browse the files outside of the app for some reason, then using the long or short name (however you'd like to browse them) would be cleaner.