mysql - php download file depending on user login -

i beginner in php programming. have running loginscript. want store files depending on user. membership website , each member has own documents. when user logon het gets own environment , whant have own files avalable download. variable htmlentities($_session['lidid']) givving user id. first have tried construct downbload posibility prefix of userid verry insecure. looking way of doing secure. construction secure way of storing , downloading files belongs logged in user?

i have mysql database dontkwno beter store files in database or in filesystem(with insecure because when have link can download it)