If your production OS is linux then I know you can do the upload securely onto the filesystem.
I believe this can be done on other systems as well but as to how, I cannot help you.
vincent wrote:
"What about security issues?"
what about them?
"That was actually a client requirement to have the files stored in a table."
Clients don't know what they want/need, that is why they hire developers.
"Also there will be many ppl uploading files and there is a possibility of similar file names overwriting the other.... filenames have to be maintained"
Obviously you would never store the file under it's original filename (I could cleverly enter '/etc/passwd' as a filename. Then the file would not be saved (because I cannot overwrite /etc/passwd) but when I ask for the file again for download, I will get the origincal '/etc/passwd', and I have succesfully hacked your system.
Instead, you'd store the original filename in the database, and use a database-generated number (auto_increment/sequence) as a filename to save the file on disk.
