There's one more advice on file uploading: you always would be sure what exactly you're put in the accesible by HTTP folders. If you would like to allow visitors to upload images - check image size before uploaded file will be copied to destination folder. If you like to upload anything - check that nobody can run uploaded files.
Would be no possibility to upload and run PHP file.