
image uploading


ProblemHelpPlease


I am about to begin developing an online photo gallery that will allow anyone to upload images to appear online. I am concerned over the potential security risk of allowing the public access to upload to the server.

I know how to check file types before saving to the server using PHP so can limit uploads to just jpg for example, but I wondered if I need any further security checks, or if the PHP file type check can be bypassed by a hacker.

I will be saving the filenames and a small description for each image in a database online. The data going into this will be passed through normal security checks (escaping etc). The images will also be manually checked before they appear on the site but not before they are uploaded to the server.

If anyone has past experience of the security required for file uploads then I would be grateful for any info you have.


PHP provides several ways to check data types. Be sure to use one that actually checks the data.

Regardless of MIME type, accept files only with an image extension (.jpg, .png, etc.). It would be a catastrophe if a PHP script or any other executable code got smuggled up and could be executed just by writing the name of the file in a browser's URL bar.

Give each user a limit as to how much data they can store / upload in a particular space of time. Otherwise, a cracker could hijack all your bandwidth till your disk space is full, and then your disk space will be full!
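
One way to combine the checks suggested in the reply above, as an added example that is not part of the original thread. The function name, directory, size limits and the `$bytesUsed` quota counter are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed values for this example, not taken from the thread.
const MAX_BYTES   = 5 * 1024 * 1024;            // cap per file
const QUOTA_BYTES = 50 * 1024 * 1024;           // cap per user per time window
const UPLOAD_DIR  = '/var/www/uploads-pending'; // outside the web root
const ALLOWED     = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Validate one entry of $_FILES and store it under a server-generated name.
 * $bytesUsed is what this user already uploaded in the current window,
 * tracked by the application (for example in the gallery database).
 * Returns the stored filename; throws RuntimeException on rejection.
 */
function store_uploaded_image(array $file, int $bytesUsed): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    $size = filesize($tmp);
    if ($size === false || $size > MAX_BYTES || $bytesUsed + $size > QUOTA_BYTES) {
        throw new RuntimeException('file too large or quota exceeded');
    }
    // Check the data itself: $file['type'] and $file['name'] come from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || getimagesize($tmp) === false) {
        throw new RuntimeException('not an accepted image');
    }
    // Reject client filenames that do not carry an image extension.
    $clientExt = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!in_array($clientExt, ['jpg', 'jpeg', 'png'], true)) {
        throw new RuntimeException('unexpected file extension');
    }
    // Never reuse the client's filename: generate one, with an extension chosen
    // by the server from the detected type, so nothing stored ends in .php.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

A file can pass these checks and still carry embedded script text, so the storage directory should also be configured so the web server never executes anything in it. Re-encoding the image after the manual review, before it is published, drops most embedded payloads.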


Archived

This topic is now archived and is closed to further replies.
