Basically this is for a simple site where admin only will upload pictures, how do i safeguard image upload here ?
$uploaddir = "./images/";
$uploadfile = $uploaddir . $_FILES["imgfile"]["name"];
move_uploaded_file($_FILES["imgfile"]["tmp_name"], $uploadfile) ;
$sql = "INSERT INTO entries(cat_id, dateposted, subject,image,youtube,page, body)
VALUES(
'" .is_int($_POST['cat']) . "'
, mysql_real_escape_string(NOW())
,'" . mysql_real_escape_string($_POST['subject']) . "'
,'" . mysql_real_escape_string($_FILES['imgfile']['name'])."'
,'" . mysql_real_escape_string($_POST['youtube']) . "'
,'" . mysql_real_escape_string($_POST['page']) . "'
,'" . mysql_real_escape_string($_POST['body']) . "'
);";
mysql_query($sql) or die(mysql_error());