File upload functions are a favorite target for hackers, because they require your site to take a large chunk of data and write it to disk.