Uploading Images - Security

Hi All,

Wonder if you could help me out at all?
Been learning PHP (with MySQL) and have put together an admin style script
for my website. As part of the script, I want users to be able to upload
images (Jpegs) to a max pixel size and file size. I've also been learning
about the security side of things, which is where I'm coming unstuck.

I understand that I need to check that the uploaded file is actually a Jpeg
and not rely on the fact that it should be.
Question is, how do I do this and should I check the file before I move it
from the $_FILES to the location on my webspace or afterwards.

Any hints, links or code snippets would be appreciated.
I want to only accept genuine jpegs within the constraints and send an error
message for all other occurrances.

regards

prx



.