If there ever was a reason not to use PHP, it's Bugtraq reports like this one. Woo hoo! Any file-upload script can be told to act on any file on the system, because they confuse user-form variables with system control variables. Woo hoo. Another place where oversimplification leads to security holes.