Questions about image Upload security

For general questions about the security of image uploading, I only need to check the suffix, upload abc.jpg, and put it in/xxx/xxx.jpg. but today I saw an article about how a piece of code is used to create a jpg image and then upload it. & Lt; img & nbsp; src = "xxx.jpg" & gt; then the code is executed? I have been using Baidu for a long time to find information about image Upload security 10 years ago.
Generally, I only check the suffix,
Upload abc.jpg to/xxx/xxx.jpg

But today I saw an article
The principle is to make a piece of code into a jpg image and then upload it.
Then the code is executed?

I have been searching for Baidu for a long time. I found all the materials from 10 years ago, and it seems that this is related to ASP?
I want to ask if this PHP vulnerability also exists?
When uploading a file, only check whether the suffix is secure? Share:
------ Solution --------------------
If (preg_match ('/<\? Php
------ Solution --------------------
Eval
------ Solution --------------------
POST
------ Solution --------------------
Base64_decode
------ Solution --------------------
Base64_encode/I ', @ file_get_contents ($ _ FILES ['uploadfile'] ['tmp _ name']), $ m_err )){
Die ('prompt! Submission prohibited. This image contains the forbidden code '. str_replace ('? ','\? ', $ M_err [0]).'. ');
}

------ Solution --------------------
1. you have set the permission to store all the images as "readable and writable", including temporary directories.
2. check whether the image is real. jpg and so on. If the image is to be cut to the end, you must understand the image format and discard the "extra" bytes at the end of the image. search for relevant articles.

It is relatively safe to basically do these two points, especially the first point is very important.