1.Keep all such files at the same place (directory) and put a .htaccess file in its root with the following code-
php_flag engine off
This will also helps to prevent the execution of php scripts embedding within the .gif files.
2. You can also ask the Apache handler through the handler command. This will force all the files present in a specific directory to be processed by a certain handler given by you-
<Location /web/uploads/files> SetHandler None </Location>
I hope the above ways of security check of php code was helpful and works well in your next development project. Let me know if still you’ve any doubt regarding the same and share your knowledge or experience below in comment to help others.