I am a beginner in php programming. i have a running loginscript. what i want is to store files depending on the user. its a membership website and each member has his own documents. when the user logon het gets his own environment and i whant to have his own files avalable for download. the variable htmlentities($_SESSION['LidID']) is givving the user id. first i have tried to construct a downbload posibility with a prefix of the userid but this is verry insecure. so i am looking to a way of doing this secure. with construction is a secure way of storing and downloading only the files that belongs to the logged in user?
i have a mysql database but i dontkwno it its beter to store the files in the database or just in the filesystem(with is insecure because when you have the link you can download it)