I need the best way to prevent any access to doc files when it is not my web application, for example, I need some files to be hidden from search engines or public users and only private users may reach and download them.
I would like to save the files in the file system and not in the DB in order not to increase the DB usage.
You can store your files in the file system, in a directory that cannot be accessed through an URL (such as a sibling of your root web directory). This will prevent direct access.
Then, write a PHP script which, when queried for a given file, will check whether the user can access that file, and send it with readfile (along with header for the content type and content disposition).