How to safely upload an image to server?

On the PHP side to miss the resulting file using GD library.
If necessary, reduce the quality of the output file, and passing to generate a preview by sending it back to client (+ confirming receipt by the server).
Keep in mind, will have to increase the available amount of memory for a single PHP process.
In my experience, to GD swallowed a 16 megapixel image, you need 128 MB of RAM.
GD fed before being weighed with also().
If this is not done, and in excess of the limit to pay for processing the library, the script silently stops without telling the client anything, and so you can generate a message that the file is large.

Of course, you need to check mime type, check the validity of the pictures, at least also, a function(), and do resize(). All of this can be if you want to Google.
That doesn't usually write so it's about the load on the server when processing the images.
I recommend to load images as is (limiting only the size of the file), while if the images are not loaded at the same time, you can also Lok to hang. Continue to process them is already a separate process asynchronously (for example a crown or a queue Manager).

1) do Not trust anything that arrives in $_FILES;
2) Check on mime white lists using finfo (immediately and file size);
3) Check the extension of $_FILES on the white list, to map to mime;
4) create a file name and extension of oneself.
5) Forbid the web server to execute php in a folder where upload is stored;
5.1) ideally, pour everything on a separate server (or a subdomain under a different user) pure statics, where php generally disabled.