The PHP Photo Gallery Project: 1900 – 1970


Recently Launched: Our new-and-improved PHP Photo Gallery Project — a fully-automated photo gallery uploader & manager with MySQL database support and automated thumbnail image re-sizing (via PHP GD Library).

The demo uses the Galleria Image Gallery to display the images, but the system can be adapted to work with pretty much any photo gallery framework that’s currently available.

The original photographs and slides are from my family’s old photo albums — many date as far back as the early 1900s. A lot of these were starting to deteriorate with age, so I took it upon myself to begin scanning/digitally capturing the images before they got any worse.

As well, I wanted to make the archive available online in order to share with long-lost relatives overseas — just in case anyone was interested. I suppose I could have just signed up for a Flickr account and uploaded it all there, but where’s the challenge in that? Much more fun to re-invent the wheel, I always say.

P.S. If you happen to be one of the aforementioned long-lost relatives, please feel free to contact me — it would be great to hear from you!

Update: Scanning of the first photo album now completed — approximately 1500 scans to go!


Finally, A Question or Two re: Database Security

So, while I was performing the laborious (but necessary) task of ensuring that the database for this project was secure from SQL injection attacks, it occurred to me that one possible way of thwarting attempts to hack the search function might be to use the $_SESSION variable for searches, thus preventing direct user access to the database.

Basically, the idea was to connect with the database programmatically when the page loads, and create a $_SESSION array populated with the required data. Any and all searches would query the $_SESSION array, rather than connecting directly with the database.

In effect, this would (as far as I can tell) be an added layer of security, as the user would at no point have direct access to the database. Tried it, and it works! I can’t help wondering, however, if I’m missing something…

Is my thinking flawed? Has this been done before? MySQL/PHP users & security pros, help me out here — if you have any thoughts or insights regarding this, I would really appreciate it if you were to post a comment!
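
The two search paths discussed above, as an added example that is not the project's own code: searching a copy of the rows held in the session, beside a PDO prepared statement that binds the search term as data. The `photos` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
// In-memory SQLite stands in for the MySQL gallery table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, title TEXT, year INTEGER)');

// Constructed sample rows.
$insert = $pdo->prepare('INSERT INTO photos (title, year) VALUES (?, ?)');
foreach ([['Wedding portrait', 1912], ['Harvest picnic', 1934], ["Grandma's garden", 1958]] as $row) {
    $insert->execute($row);
}

// Approach described in the post: copy the rows into the session on
// page load, then search the array. No SQL is built from user input.
function loadGalleryIntoSession(PDO $pdo, array &$session): void
{
    $session['photos'] = $pdo->query('SELECT id, title, year FROM photos')
                             ->fetchAll(PDO::FETCH_ASSOC);
}

function searchSession(array $session, string $term): array
{
    return array_values(array_filter(
        $session['photos'] ?? [],
        fn(array $p): bool => $term !== '' && stripos($p['title'], $term) !== false
    ));
}

// Query-per-search alternative: the term is bound as a parameter, so it
// is sent as data and never becomes part of the SQL text.
function searchDatabase(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards so % and _ in the term match literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $pdo->prepare("SELECT id, title, year FROM photos WHERE title LIKE :t ESCAPE '!'");
    $stmt->execute([':t' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$session = [];   // stand-in for $_SESSION after session_start()
loadGalleryIntoSession($pdo, $session);

// Constructed search terms: one with SQL fragments, one with a plain apostrophe.
foreach (["' OR '1'='1", "grandma's"] as $term) {
    printf("%s => session: %d, db: %d\n", $term, count(searchSession($session, $term)), count(searchDatabase($pdo, $term)));
}
```

The session copy is stored server-side once per visitor and does not see rows added after it was loaded, while the prepared statement reads current data on every search.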