Preventing execution of php files embed on image










I have written a well working script to allow upload of php files.

Now if by paraventure, the applications was by passed. how can someone prevents directory execution of php files assuming you do not want to upload the files out side the root. Okay in this context I tried using .htaccess files to allow only certain Image extension name and also prevents of php code execution.



I added the following


Code:
// prevent direct execution of files in the /upload

 

 AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .rb .vb .js .aspx .php3 .php4 .phtml
Options -ExecCGI

//allow  only jpg,gif,png

 

deny from all

<Files ~ "^\w+\.(gif|jpe?g|png)$">

order deny,allow

allow from all

</Files>

 

// turn off php engine so thst php code embeded on image will not execute

 

php_flag engine off

 

// prevent execution of any files in that directory be it perl,php,asp etc

<Files >

deny from all

</Files>
My question is that my server runs SUPHP and not MOD_PHP. Now since SUphp does not work as apache module(mod_php), Can php_flag works with suphp for .htaccess or httpd.conf files configurations.





Thank you.