We are making a social site for a client (final project for classes) and he wants a photo uploading feature.
We thought about putting a link in a MySQL database to the picture with a unique ID for the picture and also a foreign key to the User ID.
But I was wondering what would be the safest method.
Safe: any type of exploiting with a malicious filename
Fastest: to have 1 folders then XXXXX folder
For uploaded images I would rename the image to the userid-imageid so an image would be named 123-5554.jpg for example, this would group them by userid while keeping them in the same folder (using sorting), and provide a unique name for each image.
If you don't rename the image, someone could easily upload an image called picture.jpg more than once.
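The renaming scheme from the answer above, as an added Python sketch that is not part of the original post: the stored name is built only from the server-side user ID and image ID, and the client's filename never reaches the filesystem. The function names, the allow-list of image types and the choice to take the extension from the file's leading bytes are assumptions that go beyond what the answer states.

```python
import os

# Assumed allow-list: leading magic bytes -> extension the server assigns itself.
SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

def sniff_extension(data):
    """Return the extension for an accepted image type, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def storage_name(user_id, image_id, data):
    """Build '<userid>-<imageid>.<ext>' from server-side values only."""
    for value in (user_id, image_id):
        if type(value) is not int or value <= 0:
            raise ValueError("ids must be positive integers")
    ext = sniff_extension(data)
    if ext is None:
        raise ValueError("not an accepted image type")
    return f"{user_id}-{image_id}.{ext}"

def store_upload(upload_dir, user_id, image_id, client_filename, data):
    """Write the upload under its generated name and return the full path.

    client_filename is deliberately ignored for the path; store it in the
    database as display metadata if the site needs to show it.
    """
    root = os.path.realpath(upload_dir)
    path = os.path.join(root, storage_name(user_id, image_id, data))
    # Mode 'x' refuses to overwrite, so a reused id fails instead of replacing a file.
    with open(path, "xb") as fh:
        fh.write(data)
    return path

if __name__ == "__main__":
    import tempfile
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed sample bytes
    print(store_upload(tempfile.mkdtemp(), 123, 5554, "../../x.php", fake_jpeg))
```

The image ID would normally be the auto-increment key of the MySQL row that also holds the user ID foreign key, so the row is inserted first and the file written second.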