Performance issues storing images in MySQL blobs? (high load website)

but you'd want to avoid more than 10,000 files in a directory.

My thoughts exactly.

While backups kind of become easier when the images are in the database,

Not necessarily (see other comments in the post). There are pros and cons of backing up an image hosting DB.

I'd stick to the filesystem approach as it's going to be more performant

This is a long discussion and I begin to believe personal biases are at play. My own bias would also be, hell, files are much faster than DB.

However. If you check my linked article in the post, you'd see that as per that research, hosting files in a database tends to be a better solution, especially for small files, under 256KB. Our files are small and perfect for this kind of storage (like 100KB or less).

But as in any other live implementation, the magic word is it depends.

(and you don't need to worry about getting your caching headers etc from PHP).

True. But we prefer to control headers, caching and many other things. It's code easiness vs. fine tuning. We prefer the latter and already have in place control over browser cache control, etag, and the sorts.

There is another critical difference when using blobs - one we are really trying to stick to as much as possible. Its a design concept we have. We look at images and everything else as DATA. The place to store data is in the database - not anywhere in the webroot. The only place for files in the web root is for scripting files like PHP.

One of the big flaws in open source CMS-es (like Wordpress) is the necessity of having write-enabled folders publicly exposed. To us, this is a vulnerability. Instead, we only use read-only filesystems for anything under /var/www or the sorts. Anything DATA (such as text, image, styles, templates) are stored in the database. When done properly (and cached), this is actually faster than reading the files from the filesystem.

If WP (or any other CMS like that) would use read-only filesystems inside /var/www, there would not be so many websites hacked on a daily basis. Even CMS developers with bad coding would have a hard time writing a vulnerable plugin, as injection and XSS would be automatically handled inside the CMS. Hope you understand the ideas here.

/r/PHP Thread Parent