Apache won't let me write to the disk

[Ruudboy]

No, unless they uploaded a php script. Again, a huge security hole - you should code your script to delete any script that doesn't have an "accepted" extension (for example, the one at QBNZ denies any file without the extensions .txt, .bas, .zip or .rar).

it's simple to do the blocking (many free scripts do this) just allow only certain types of file

[eno_on]

So is it ok if I have a 777'ed directory, and a upload script with file type filters? Should I put the file directory out of the htdocs folder, and use aliases for it to work?