It really depends on what your application does with those images. These are some of the things I learnt by experience…

How many images?
If we are talking about thousands of images, keep in mind that a folder with that amount of files is probably not accesible via FTP. You can classify them and put them in different subfolders if you need access to them.
Classification can be done by a number of things… from size to odd/even ID numbers. It all depends on how much you need to split them up.

Are they private images? Should they be publicly accesed? If you use just the ID as unique identifier, it’s pretty easy to guess and find other images, since they are most likely auto-incremental. You can generate a more secure name in those cases just throwing user IDs, timestamps, random numbers, a hash, or whatever combination…

Hashing the names? You don’t get any extra security off of this. If you are already using a combination of things of the names, hashing it is just an extra thing to do. Say you are using [image_id]_[timestamp] for the names, if you hash it, you lose that information. You do have it in your database, but it’s also good having it in the file names. If for some reason, you need to delete certain files it would be easier if you could recognize them. And, going back to the amount of images you may have… there could be collitions in the MD5. Meaning 2 files would get the same name.. (It’s really rare, but it could happen)

Since it’s a store, I’m guessing you don’t need the extra security on the image names, but you might need the extra classification.

Btw, according to your step by step, you can’t use the ID of the image for the filename because you insert the row into the table AFTER saving the image.

If you need more details, do leave a comment.