There is some great info here: http://us2.php.net/features.file-upload
The simple way to do it is by checking the files mime type. for example, this simple code limits uploads to only image types:
// validate the image type
$valid_types = array("image/jpeg","image/jpg","image/pjpeg","image/gif","image/png");
$filetype = $_FILES['uploaded_image']['type'];
if (in_array($filetype,$valid_types)) {
echo '<BR>Valid image type, processing image... <BR>';
} else {
// the image is not a valid type
echo '<BR><h2>Only PNG, GIF and JPG images are supported, no image added!</H2>';
unlink($_FILES['uploaded_image']['tmp_name']);
exit ;
} // end file type validation
but is not the most secure...mime types can be spoofed. The best thing to do is to check mime type, file extension AND rename the file then move it to a directory where apache and the php user only have read-write permissions, not execute.
There is a great tutorial on how to write a class to validate uploaded files on phpfreaks: http://www.phpfreaks.com/tutorials/85/0.php
I didn't write the full class but I did use a couple of the functions - I think you will find it helpful.
