Hello!

Today I will talk about secure file upload.

Please, do not use chmod 777 on yours upload files. That means everyone can write on your directory and maybe execute that file.

Use chmod 755 and be happy. For that you must have to change the directory's owner to the apache users. In the Ubuntu Linux the apache user is usually www-data, but using another versions can be apache, httpd, nobody or just www.

So...

chown -R www-data upload_dir  
chown -R 755 upload_dir

See you...