Some tips for making file uploads with PHP safer
When you allow users to upload files to your website, you are putting yourself at a security risk. A few things to do:
- Check the referrer: Check that the request reaching your script came from your own website and not from an outside source. Since the Referer header is sent by the client it can be faked, so this is only a first filter, but it is still a good idea to check.
- Restrict file types: Check the MIME type and the file extension and only allow certain types to be uploaded.
- Rename files: Rename the files that are uploaded. In doing so, check for double-barrelled extensions like yourfile.php.gif and either strip the extensions you don't allow or reject the file completely.
- Change permissions: Change the permissions on the upload folder so that files within it are not executable.
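The four tips above combined into one upload handler, as an added example that is not part of the original post. It assumes a form field named `upload`, an `uploads` directory outside the web root, and that only PNG, JPEG and GIF images are allowed; the MIME type is detected from the file contents with `finfo` rather than taken from the browser-supplied `$_FILES['upload']['type']`.

```php
<?php
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads';          // assumed: not served by the web server
// Allowed types, keyed by the MIME type detected from the file's bytes (assumed list).
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

function handle_upload(array $file): string
{
    // 1. Referrer check: the header is client-controlled, so this only filters casual misuse.
    $host = $_SERVER['HTTP_HOST'] ?? '';
    $refererHost = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if ($host === '' || $refererHost !== $host) {
        throw new RuntimeException('Request did not come from this site');
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        throw new RuntimeException('Invalid upload');
    }
    // 2. Restrict file types: inspect the content, not the browser-supplied $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException("Disallowed content type: $mime");
    }
    // The original name must be a single safe base name plus one allowed extension,
    // so a double-barrelled name like "photo.php.gif" is rejected outright.
    $original = basename($file['name'] ?? '');
    if (!preg_match('/^[A-Za-z0-9_-]+\.(png|jpe?g|gif)$/i', $original)) {
        throw new RuntimeException('Disallowed file name or extension');
    }
    // 3. Rename: a random stored name whose extension comes from the detected MIME type,
    //    so nothing from the client ends up in the path on disk.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    // 4. Permissions: readable by the server, never executable.
    chmod($target, 0644);
    return $target;
}

try {
    $stored = handle_upload($_FILES['upload'] ?? []);
    echo 'Stored as ' . htmlspecialchars(basename($stored), ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

Keeping the directory outside the web root, in addition to the 0644 permissions, means that even a file which slips through the checks is never handed to the PHP interpreter.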