You cannot depend either on the filename nor the mime type communicated to your server by the client -- both of these could be fabricated.
What you should do is take any files that are uploaded BEFORE you place them anywhere near your upload directory and make DAMN SURE they are in fact one of your accepted image formats. I typically do this by using getimagesize on the tmp file before I'm willing to accept that the image is in fact an image file. I don't recall what getimagesize does when you feed it a non-image, but that shouldn't be too hard to figure out. You should also check things like file size (in bytes), image size, etc. You should define limits to what you will accept. max width, min width, max height, min height, max file size, permitted formats, etc.
Sadly, nobody codes for anyone on this forum. People taste your dishes and tell you what is missing, but they don't cook for you. ~anoopmail I'd rather be a comma, then a full stop. User Authentication in PHP with MySQLi - Don't forget to mark threads resolved - MySQL(i) warning