List of steps to take care when using PHP to upload images or documents
i) use is_uploaded() function to check if the file is uploaded before moving the file from temporary location
ii) sanitize the name of the file before moving the file from the temporary location by executing the ‘mv’ system command (use escapeshellargs, escapeshellcmd as needed)
iii) chmod the file setting to 644 if needed
iv) the directory from where the file will be moved and the destination directory should be initialized beforehand in order to prevent users from altering the path where the files could be stored
