Whilst researching the file upload script that will be used to add avatar photographs to the contact book I found this piece which I'm sure will prove useful. This is a checklist of different measures to help prevent unwanted files being sent to the server maliciously or by accident.
http://hungred.com/useful-information/secure-file-upload-check-list-php/
