Is Validation of MIME Type Sufficient for File Upload?

Hi, I would like to know what are the approaches usually used when handling file uploads? From browsing all the validation rules available to date, MIME type validation seems to be the most applicable. However, is MIME Type validation in itself sufficient or do I need to apply other forms of validations?

I came upon a case recently, whereby there is a module to upload profile image. Though the developer has used MIME validation, but the validation still allows miscellaneous file (ie. PHP file) with image MIME header to be uploaded. Would checking the file extension help in this case?

Would like to know what are the views and advise on this matter from other developers.