Reputation: 13
1- Could anybody tell me what security measures I am supposed to apply for uploading an image to the
database? I just wrote this script and I don't know whether it is safe from SQL injections or not, or even XSS attacks.
2- I don't want to allow executing any files with the extension ( php, html, cgi etc. ) where the image folder will hold all the uploaded images. I just don't know how to do this, but I think it has to be done with .htaccess.
3- Where should I locate the image folder on my web server to avoid any kind of attacks?
Any help please,
<form method="post" action="index.php" enctype="multipart/form-data">
<input type="file" name="image" />
<br/>
<input type="submit" value="UPLOAD" />
</form>
<?php
if (isset($_FILES['image'])) {
    // Any non-zero error code means the upload failed (the original tested > 1,
    // which let UPLOAD_ERR_INI_SIZE through as if the upload had succeeded).
    if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) {
        die('Please choose image');
    }
    // Note: 'type' is the MIME type the browser declared, not one detected from the file bytes.
    else if (!preg_match('([^\s]+((jpg|png|gif|jpeg))$)', $_FILES['image']['type'])) {
        die('Please upload a valid image with extension of ( jpg, gif, png, jpeg)');
    }
    else {
        // Destination keeps the client-supplied base name, prefixed with a timestamp.
        $target = "upload/" . time() . '_' . basename($_FILES['image']['name']);
        $temp   = $_FILES['image']['tmp_name'];
        $moved  = move_uploaded_file($temp, $target);
        $conn   = mysql_connect('127.0.0.1', 'root', '') or die(mysql_error());
        $db     = mysql_select_db('test');
        $image  = str_replace('upload/', '', $target);
        // $image (derived from the uploaded file name) is interpolated directly into the SQL string, unescaped.
        $sql = mysql_query("INSERT INTO `image` (`id`, `image_name`) VALUES ('', '$image')");
        header('Location: index.php');
    }
}
Upvotes: 0
Views: 85
Reputation: 6429
Check the OWASP recommendations for file upload: https://www.owasp.org/index.php/Unrestricted_File_Upload
If possible, save the files outside of the web server's public directory.
Upvotes: 2
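As an added example (not the asker's script and not code from the OWASP page linked in the answer), here is the same upload handler with the three points from the question and the answer's advice applied: the file type is detected from the bytes rather than from the browser-declared MIME type, the stored name is random and the extension is chosen by the server, the file lands in a directory outside the document root, and the database write uses a prepared statement instead of string interpolation. Assumed, not taken from the page: PHP 7 or later with the fileinfo and PDO MySQL extensions, a directory /var/www/uploads_private outside DocumentRoot and writable only by the web server user, a database user app_user, and an `image` table whose `id` column is AUTO_INCREMENT.

```php
<?php
// Added example, not the asker's code. Assumptions: PHP 7+, ext/fileinfo and
// PDO MySQL available, UPLOAD_DIR is outside the web server's document root,
// table `image`(id INT AUTO_INCREMENT PRIMARY KEY, image_name VARCHAR(64)).
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads_private'; // assumption: outside DocumentRoot
const MAX_BYTES  = 2 * 1024 * 1024;            // 2 MiB upper bound on accepted files
// Only these server-detected MIME types are accepted; the client-supplied
// $_FILES['image']['type'] is never consulted. The value is the extension we assign.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and return its detected MIME type, or throw.
 */
function validate_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Please choose an image');
    }
    // Guards against a forged $_FILES entry pointing at an arbitrary local path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('Image too large');
    }
    // Sniff the real content type from the file bytes, not from the request.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Please upload a jpg, png or gif image');
    }
    // Second line of defence: the image decoder must also parse the header.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image');
    }
    return $mime;
}

/**
 * Move the validated file to a random, server-chosen name and record it.
 * Returns the stored file name.
 */
function store_upload(array $file, PDO $db): string
{
    $mime = validate_upload($file);
    // The client file name is attacker-controlled (path separators, double
    // extensions, .php suffix), so it is discarded entirely.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $target = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not save image');
    }
    chmod($target, 0640); // readable by the server, never executable

    // Prepared statement: the name is bound as data, not spliced into the SQL.
    $stmt = $db->prepare('INSERT INTO `image` (`image_name`) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return $name;
}

if (isset($_FILES['image'])) {
    // Assumed credentials; a dedicated low-privilege user, not root.
    $db = new PDO('mysql:host=127.0.0.1;dbname=test;charset=utf8mb4', 'app_user', 'CHANGE_ME', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    try {
        store_upload($_FILES['image'], $db);
        header('Location: index.php');
        exit;
    } catch (RuntimeException $e) {
        http_response_code(400);
        // Output-encode the message so nothing reflected can become markup.
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Because the files live outside the document root, the browser never fetches them from the upload folder directly; a small serving script reads the stored name from the `image` table, checks it against the pattern the handler produced (`/^[0-9a-f]{32}\.(jpg|png|gif)$/`), sends the matching `Content-Type` and `X-Content-Type-Options: nosniff`, and streams the file with `readfile()`. That covers question 3 and makes the .htaccess question moot. If the folder has to stay under the document root, an `.htaccess` in it with `php_flag engine off` (effective only when PHP runs as mod_php), `Options -ExecCGI`, and a `<FilesMatch "\.(php|phtml|php[0-9]|cgi|pl|html?)$">` block containing `Require all denied` stops the server from executing or serving script files there, provided `AllowOverride` permits those directives; the random, server-chosen extension above is still the primary control, since a denylist of extensions is only as complete as its list.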