I'm still unsure how files are stored in the database...is it just varchar for our usage?

What do you mean by an "uploads" subdirectory of our Flask app? Is it like a route/url endpoint?

Could you clarify what is stored in the files dictionary (what does the dictionary look like)? I think I'm also having a hard time understanding how the html, sql, python code link with each other and what is processed by each. 

When would you not be able to depend on a filename extension to determine its type?  (Why do we need MIME?)

Is the good 404 error handling that I did not write in my Lookup website coming from app.config['TRAP_BAD_REQUEST_ERRORS']?

What do you mean by “Control the location” with respect to data uploaded to the server?  Do you mean only allow users with particular IP addresses to upload data, or control the location where uploaded files go?  How would either of these prevent people from uploading porn images?

In the security section, what does it mean to not "put the uploaded file in a location accessible from the web"? Where is accessible from the web, especially when thinking about our projects?

How can we get the Flask extension that implements a full fledged upload mechanism to let us decide which file types to allow?

I feel confused on pathnames and storing files. 

"files: you'll need a naming scheme for your uploaded files.
You could use a counter: fileNNN.jpg
You could use an ID: fileNM.jpg
You could use a timestamp: file-2022-04-01-23-01-12.jpg (your phone's camera does that)
You'll probably store the filename in an appropriate database tables, unless the naming scheme allows the filename to be inferred from other data.'

 Would it be easier to have the filename be inferred from other data and not storing it in a database? can you talk about pros/cons of doing this "