
Security concerns with forms and attachments


jackdack

9:02 pm on Jun 15, 2006 (gmt 0)

10+ Year Member



I'm thinking about offering content upload via form (instead of using email) and have a form which will dump form & attachments into a database. Are there any implications or considerations about using a form with attachment upload, e.g. abuse/DOS/antivirus etc.? Or is it just plain sailing?
thanks

coopster

1:27 am on Jun 18, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



It depends a lot on the OS. For example, say you are running a Windows server with AV software installed. If somebody uploads an infected file the AV software will likely catch any known viruses/trojans and quarantine them before you will be able to do anything with them.

jackdack

1:32 am on Jun 19, 2006 (gmt 0)

10+ Year Member



Thanks for the response, this one's on a Linux (LAMP) server.

coopster

6:51 pm on Jun 19, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Even so, anytime you are allowing somebody else (trusted/untrusted) to put files on your server you should be wary. Even those with the best intentions may accidentally push an infected file onto your server. Now, if it does not ever get executed, no harm done. But if you are going to allow the same uploaded content to be pulled from the HTTP server by others you might want to consider the end user. What would happen if somebody downloaded an infected file from your server and it caused issues on their system? What implications does this have for you and your site?

jatar_k

6:54 pm on Jun 19, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



also remember that even though you may trust your source, that also implies trusting everyone they trust and so on

that user got that file from somewhere

implications of uploads

disk space
virii
exploitation
trojans/backdoors/rootkits

no plain sailing when you allow users to upload, strict rules and file checking are required

jackdack

10:25 pm on Jun 19, 2006 (gmt 0)

10+ Year Member



While it's a public upload, it would be a private download; am I at the same risk receiving this stuff via basic email?
My form tool emails a link to the uploaded files.

The attachment will be within a db on the server. I can't think of a way that it can execute itself server side, from within a db, or can it?

If there's any additional precautions/methods I welcome them. I have to receive this stuff, a form would be more convenient than email, it's the best option at the moment.

Really appreciate your comments, thanks

jatar_k

10:34 pm on Jun 19, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



fair enough then

I wouldn't store them in a db though, it gets unwieldy rather quickly

uploads usually go to temp, then you move them somewhere else
it could even be outside of the webroot, and then use a download script to serve them.

check headers, file extensions etc

what types of files are they?
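The flow jatar_k sketches (upload lands in temp, gets checked, is moved outside the webroot, and is served back by a download script), written out as an added example for a LAMP box; this is not code from the thread. It assumes PHP 7 with the fileinfo extension, a form field named "attachment", and a storage directory /var/uploads_private that Apache does not serve.

```php
<?php
// Added example (not from the thread): validate an upload, move it out of the
// webroot, and serve it back through a download script. Assumes PHP 7 with the
// fileinfo extension, a form field named "attachment", and STORE_DIR outside DocumentRoot.
const STORE_DIR = '/var/uploads_private';   // assumed path; Apache must not serve it
const MAX_BYTES = 5 * 1024 * 1024;          // size cap limits disk-space abuse
// Allowlist: extension => MIME type expected from the file's actual content.
const ALLOWED = ['pdf' => 'application/pdf', 'png' => 'image/png',
                 'jpg' => 'image/jpeg', 'txt' => 'text/plain'];

// Returns the stored (random) file name, or a string starting with "error:".
function store_upload(array $f): string {
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return 'error: upload failed';
    if ($f['size'] > MAX_BYTES) return 'error: too large';
    // is_uploaded_file() confirms the temp path came from this POST, not from elsewhere on disk.
    if (!is_uploaded_file($f['tmp_name'])) return 'error: not an uploaded file';
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) return 'error: extension not allowed';
    // Check the content; the client-supplied $f['type'] header is trivially forged.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) return 'error: content does not match extension';
    // Random server-side name: the user-supplied name never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], STORE_DIR . '/' . $stored)) return 'error: could not store';
    // Record $stored plus the original name in the database; keep the bytes on disk.
    return $stored;
}

// Download script: serve a stored file by its random name, always as an attachment.
function serve_download(string $stored): void {
    // Only names we generated are accepted, so "../" or any other path is never looked up.
    if (!preg_match('/^[0-9a-f]{32}\.[a-z0-9]+$/', $stored)) { http_response_code(404); return; }
    $path = STORE_DIR . '/' . $stored;
    if (!is_file($path)) { http_response_code(404); return; }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');   // stop browsers sniffing it into HTML/script
    header('Content-Disposition: attachment; filename="' . $stored . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['attachment'])) {
    echo store_upload($_FILES['attachment']);
} elseif (isset($_GET['f'])) {
    serve_download($_GET['f']);
}
```

Because the stored files live outside the webroot and are only ever returned with a generic Content-Type and as an attachment, a disguised script that slips past the checks is never executed by the server or rendered by the browser.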