You cannot block uploads on the server side based on file type. Neither the file extension nor the upload MIME type can be trusted. Which is one of the ways malware gets in.
The best you can do is to discard the uploaded data if you disapprove of it.
One reason you can't block the upload is that (barring "chunked" transmissions), the data is actually part of the total form upload data packet, not something transferred independently the way that images are. So by the time you know what's arriving, it's already there.
Customer surveys are for companies who didn't pay proper attention to begin with.