file import security issue

[leviyasi]

i have one questionwhen we give option to web user to import data into mysql table, is this secure?for example\[code\] <form method="post" action="import.php" enctype="multipart/form-data"> <input id="file1" name="file1" type="file"> <input type="submit" name="button" id="button" value="http://stackoverflow.com/questions/2077341/Submit" > </form> \[/code\]and in import.php we have following code\[code\] <?php $theFile = $_FILES['file1']; $tmp_name1 = $theFile['tmp_name']; $row = 1; if (($handle = fopen($tmp_name1, "r")) !== FALSE) { while (($data = http://stackoverflow.com/questions/2077341/fgetcsv($handle, 1000,",")) !== FALSE) { $num = count($data); // SQL insert statement } fclose($handle); }\[/code\]my question is, if some one upload any script or .exe or virus this will go to web server temp directory how we can secure it?what will be safe way ?Thanks