Recently my form was attempted (maybe successfully) to be hacked via php script embedded in a jpg. I originally thought the form was secure because the files never leave the default apache temporary directory.
Basically my form data is posted, and uploaded into a database as a blob, then is downloaded via an administrative panel.
I've been reading a lot of posts and discussions on this it from my understanding, the major security risk is when the file is actually being displayed or stored in a location able to be navigated to via web.
I can include my code if needed, it's just a basic insert escaped file data into a table though.
Should I be concerned?