Something I would add when accepting uploaded image files is to use PHP to check the MIME type of the uploaded file. If it is text/plain when it is a .gif file, then something is very wrong. Make a list of supported image types (gif, jpeg, png, etc.) and reject everything else.
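One way to implement the check described above, as an added example that is not part of the original comment. It assumes PHP's fileinfo extension is enabled; the function name `checkUploadedImage`, the allowlist contents and the sample file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Allowlist: MIME type detected from content => extensions accepted for it.
const ALLOWED_IMAGE_TYPES = [
    'image/gif'  => ['gif'],
    'image/jpeg' => ['jpg', 'jpeg'],
    'image/png'  => ['png'],
];

/**
 * Returns the detected MIME type when the file content is an allowed image
 * type AND the client-supplied extension agrees with it; null otherwise.
 */
function checkUploadedImage(string $tmpPath, string $clientName): ?string
{
    // Detect the type from the bytes on disk. $_FILES[...]['type'] is sent
    // by the client and must not be used for this decision.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null; // not on the allowlist: reject
    }
    // The "text/plain named .gif" case: content and extension must match.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_IMAGE_TYPES[$mime], true)) {
        return null;
    }
    return $mime;
}

// Constructed sample inputs (not real uploads): a minimal GIF header and
// two mismatched files. In a real handler the arguments would come from
// $_FILES['image']['tmp_name'] and $_FILES['image']['name'], after
// is_uploaded_file() has confirmed the temp file is an actual upload.
$gifBytes = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$samples = [
    'photo.gif' => $gifBytes,                 // GIF content, .gif name
    'notes.gif' => "just some plain text\n",  // text content, .gif name
    'photo.png' => $gifBytes,                 // GIF content, .png name
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $result = checkUploadedImage($tmp, $name);
    echo $name, ': ', $result ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

A content-type check only confirms that the leading bytes look like an image; storing accepted files under a server-generated name outside any directory where PHP is executed covers files that pass the check but carry other data.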