Possible Duplicate:
Stop people uploading malicious PHP files via forms
i found a way to clean the images from injected code by adding a very small transparent image to the uploaded image using PHP GD Library this will destroy the injected code (is there a better way ?).
but what about the other extensions if someone injected a code in a text file or whatever extension what can the attacker do in my server and how to prevent this type of code injection.
i'm writing a file upload script and i'm so confused in the security i searched a lot but nothing really helped me.
your help is highly appreciated.