I am writing a web application that users can upload their attachments and send them to administrator. I know it has vulnerabilities for system and administrator if someone appended some PHP (Or any other web programming language) scripts inside the attachment file.
I did something to detect a real and safe file has been uploaded. But as security is not 100%, I think it is not enough to make high security for this application.
I'm thinking about writing a downloader PHP file, to force download for all types of attachments instead of opening them in browser.
My question is: Can this method (Forcing download) prevents executing appended scripts inside the uploaded files, solve mentioned vulnerability, and increase the security for my web application?