I’m working on a project where I get images through an API from another site, and save the images locally on my server. I’ve been thinking, and I can’t decide if I should create a loader that displays the image, or just access the specific images directly. Are there any security concerns if I access them directly? Before I save the images on the server, I validate the content and check if it is a valid image, so I will always have valid images to display.
The image loader would work sort of like this. I create a controller (call it “load” for example). Then I could just call load with the image as a param, sort of like this:
http://example.com/load/file_name.jpg
And then I get the image through the load controller and display it. Is there any advantage to doing so or is it okay to access the image directly?
I will give you a use case of why someone (in this case, me) would serve images via PHP:
On one of my applications, users can upload avatar images. These images are processed on upload, names changed into hashes, and stored in the filesystem. The hashed name is stored in the database in a table that associates the photo’s hash, the user id, and indicates whether or not this is their chosen profile photo.
If I was only using a single image size on the website, I would have just stored the image path and whether it was their profile image and have been done with it. However, the site has multiple locations in which the image can be displayed and they are varying sizes. Depending on the size of the image that is requested, I check to see if a size close to it has been generated. If it has, then I send a jpeg header, use readfile on the image location and serve the image. If it hasn’t, then I take the originally uploaded image, resize it to the size I need, store it in the filesystem, and serve it.
This way, I am not creating 5+ images every time someone uploads an image. The images are generated on-demand, both distributing cpu time and reducing filesystem usage because some image sizes may never be requested.
So, essentially, if these apply to you, you do not need to serve via PHP/CI:
If you’re curious, a request to one of my images looks like this:
http://domain.com/photos/view/3d643a9cecaf8ae849be7ab094579698/s-128/photo.jpg
Broken down:
http://domain.com/[controller/view]/[image hash]/[square, rectangular, or original]-[size in px]/photo.jpg
This serves an image with the following path:
http://domain.com/images/uploads/3d/64/3a9cecaf8ae849be7ab094579698/3d643a9cecaf8ae849be7ab094579698_s_128.jpg
I store the images in sub directories so that there are collisions and therefore avoid filesystem limits due to max files per directory and so on. I could also move the images outside of the webroot so that they are physically inaccessible to the web. Serving via PHP also has the added benefit of not exposing your upload directory’s location.
I know the answer was long-winded, but I hope it helps you come to a decision.
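An added example, not code from the answer above: one way to map the URL scheme the answer describes onto its storage path with strict validation, so that neither the hash nor the size segment can steer readfile outside the upload directory or trigger resizing to arbitrary dimensions. The storage root, the "r" and "o" shape letters and the size allowlist are assumptions.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the answer): the storage root outside the webroot,
// the 'r' and 'o' shape letters, and the fixed allowlist of sizes.
const UPLOAD_ROOT    = '/var/www/private/uploads';
const ALLOWED_SHAPES = ['s', 'r', 'o'];
const ALLOWED_SIZES  = [64, 128, 256, 512];

// Map /photos/view/{hash}/{shape}-{size}/photo.jpg to a path on disk.
// Returns null when any part of the request is not in the expected form.
function resolveImagePath(string $hash, string $variant): ?string
{
    // Exactly 32 lowercase hex characters, so no dots, slashes or NUL bytes
    // from the URL can reach a filesystem call.
    if (preg_match('/\A[0-9a-f]{32}\z/', $hash) !== 1) {
        return null;
    }
    if (preg_match('/\A([a-z])-(\d{1,4})\z/', $variant, $m) !== 1) {
        return null;
    }
    [$shape, $size] = [$m[1], (int) $m[2]];
    if (!in_array($shape, ALLOWED_SHAPES, true) || !in_array($size, ALLOWED_SIZES, true)) {
        return null;
    }
    // Layout from the answer: 3d/64/<remaining 28 chars>/<hash>_s_128.jpg
    return sprintf('%s/%s/%s/%s/%s_%s_%d.jpg', UPLOAD_ROOT,
        substr($hash, 0, 2), substr($hash, 2, 2), substr($hash, 4), $hash, $shape, $size);
}

function serveImage(string $hash, string $variant): void
{
    $path = resolveImagePath($hash, $variant);
    if ($path === null || !is_file($path)) {
        // Rejected request, or a variant that has not been generated yet.
        http_response_code(404);
        return;
    }
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff'); // browser must not re-guess the type
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed inputs for a command-line check: one valid, one traversal attempt.
if (PHP_SAPI === 'cli') {
    var_dump(resolveImagePath('3d643a9cecaf8ae849be7ab094579698', 's-128'));
    var_dump(resolveImagePath('../../config', 's-128'));
}
```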