File Uploads - best practice for directory structure?

admin

Context:

I've just written a PHP file upload handler that saves any incoming file to my site's upload directory.
The upload directory is publicly accessible through the web, and currently each file is just dumped straight into it after being renamed with a unique ID generated by the database.
The handler will allow any file type aside from JS and PHP, not just images.
Number of files likely to be in the thousands eventually but it will take a couple of years for that to happen.

My question:

Is it a good or bad idea to have all uploaded files in the same directory on the server, and if not please explain why, and what would be a better approach?

I notice that WordPress stores them in directories named for the date for instance.

The only real downside I can see is that an `ls` on the directory might be resource intensive once there are a few thousand files in there.
Or are there limits placed on number of files in one dir, or total size of one dir (running Linux)?

Slightly preemptive note about security:

The upload handler is secured against anyone but logged-in administrator-level users uploading files, and it also won't save PHP or JS files (at least as far as I can reliably test for them using the `type` attribute in the `$_FILES` array) as these may be executed by the server. Another safeguard I plan to implement is an `.htaccess` file that blocks requests to certain filetypes, just in case. Any notes on this aspect would also be welcome but it's not part of this question.
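
One way to combine the date-based directory layout mentioned in the question with a type check done on the server side, as an added example that is not part of the original post. The function name `storeUpload`, the base path and both blocklists are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the poster's handler. Path and lists are assumptions.
const UPLOAD_BASE  = '/var/www/example/uploads';   // hypothetical upload root
const BLOCKED_MIME = ['text/x-php', 'application/x-httpd-php',
                      'text/javascript', 'application/javascript'];
const BLOCKED_EXT  = ['php', 'phtml', 'phar', 'js'];

/**
 * Store one entry of $_FILES under UPLOAD_BASE/YYYY/MM/<dbId>[.ext].
 * $dbId is the unique ID the database generated for this upload.
 */
function storeUpload(array $file, int $dbId): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or is not an HTTP upload');
    }

    // $file['type'] is whatever the client sent; inspect the bytes on disk instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($mime === false
        || in_array($mime, BLOCKED_MIME, true)
        || in_array($ext, BLOCKED_EXT, true)) {
        throw new RuntimeException('File type not allowed');
    }

    // One subdirectory per month keeps every directory listing short.
    $dir = UPLOAD_BASE . '/' . date('Y/m');
    if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
        throw new RuntimeException("Cannot create $dir");
    }

    // The stored name comes from the database ID only; the client's file name
    // contributes at most a short alphanumeric extension.
    $safeExt = preg_match('/^[a-z0-9]{1,8}$/', $ext) === 1 ? ".$ext" : '';
    $target  = "$dir/$dbId$safeExt";
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move upload into place');
    }
    chmod($target, 0644);   // readable by the web server, never executable

    return $target;
}
```

The MIME strings libmagic reports for scripts vary between versions, so the extension blocklist is checked alongside the content check rather than instead of it.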