The first and most important thing is to assign your own filename and extension to any uploaded image. Since your webserver decides what to do with your file depending on its extension, you should make damn sure it is '.gif'. Renaming the whole file and not only its extension ensures no one finds a way to break your extension safety and inject his own extension.
Never rely on any MIME type sent to determine file type. MIME types can be manipulated and are not reliable. If you HAVE to check your file, use something like getimagesize(). But again, this is not necessary if you set the filename and extension anyways.
http://www.php.net/manual/en/function.getimagesize.php
You should also ensure file size is not too large to avoid your server running out of space.
Ensuring a login before uploading and only allowing a reasonable number of uploads per user is also a nice safety against running out of space.
So, in short:
- Set filename and extension
- Don't rely on sent filename
- Don't rely on sent MIME type
- Check maximum filesize
- Ensure user cannot spam files
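
Added example, not part of the original post: a PHP upload handler that applies the checklist above (server-chosen name and '.gif' extension, size limit, optional getimagesize() check, no use of the sent filename or MIME type). The form field name `image`, the directory `/var/www/uploads` and the 2 MiB limit are assumptions; the login and per-user upload count are assumed to be enforced before this code runs.

```php
<?php
// Constructed example: field name, directory and size limit are assumptions.
const UPLOAD_DIR = '/var/www/uploads';   // assumed path; serve it as static files only
const MAX_BYTES  = 2 * 1024 * 1024;      // assumed limit: 2 MiB

// Store one entry of $_FILES as a GIF under a server-generated name.
function store_gif_upload(array $file, string $dir = UPLOAD_DIR): string
{
    // Reject failed uploads and multi-file arrays (error would be an array).
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Only accept a file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Enforce the size limit on the file as stored on disk.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // Optional content check: getimagesize() reads the file's own header.
    // $file['name'] and $file['type'] come from the client and are never used.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_GIF) {
        throw new RuntimeException('Not a GIF image');
    }
    // Server-chosen random name with a fixed extension.
    $target = $dir . '/' . bin2hex(random_bytes(16)) . '.gif';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}

// Usage: login and per-user upload quota are checked before this point.
if (isset($_FILES['image'])) {
    try {
        $path = store_gif_upload($_FILES['image']);
        echo 'Stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```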