Like said before, blob
is the way to go, however, as SanHolo points out it's not really performance-wise and you will eventually run into problems as your database can grow really really fast!
Why don't you index the file-name on the database and store the file on the server?
The mainly reason to not allow something like this would be security issues. If you are really trying to cover your bases by not allowing all users to see or grab content you have two options.
Option A) give the file a unique, non-identifiable name like Flickr does. The name of the file comprehends two hashes. A user hash and a file-hash. The second hash is secret and the only way you could get it would be by trial and error. Take a look into this file I have on Flickr. Is user-protected (only family can see) but you will be able to access it just fine as the URL itself serves as a protection: http://farm2.static.flickr.com/1399/862145282_bf83f25865_b.jpg, even if you were randomly trying to generate hashes and found a valid one it would be hidden by anonymity as you wouldn't know who it was from.
Option B) use a server side thecnology to limit the access. This method is safer but more expensive to the server. You will set up a script that will allow/deny access to the file based on session_permissions or something alike. Look at the following code that would be called by accessing something like:
http://yourserver.com/getprotectedfile.php?filename=213333.jpeg
session_start();
// logic to verify the user is ok
if($_SESSION['user_access']!=true) {
exit('user not allowed here');
// WATCHOUT! THIS IS NOT SECURE! EXAMPLE ONLY.
// on a production site you have to be sure that $filename will not point to a system file
$filename = $_GET['filename'];
// gets the file and outputs it to the user
header('Content-type: image/jpeg');
header('Content-Length: '.filesize($filename));
readfile($filename);
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…