A new tutorial has been posted to the WebCheatSheet.com website demonstrating a method for secure file uploads with PHP.
In spite of security issues that should be addressed before enabling file uploads, the actual mechanisms to allow this are straightforward. In this tutorial we will consider how to upload files to some directory on your Web server. We will also discuss security issues concerned with the file uploading.
They break it up into two key parts: the HTML form and the PHP script that handles the resulting upload request. The "secure" part comes in with the validation of the upload: in this case, making sure it's a JPEG file, that its size is less than 350 KB, and that a file by that name doesn't already exist.
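
The three checks listed above can be sketched as a PHP upload handler. This is an added example, not the tutorial's code: the form field name `uploaded_file`, the `upload/` directory and the helper `validate_upload()` are assumptions, and it goes slightly beyond the summary by judging the JPEG type from the file's content and sanitising the stored name.

```php
<?php
// Added example, not the tutorial's code; names and 1 KB = 1024 bytes are assumed.
const MAX_BYTES  = 350 * 1024;            // size limit named in the summary
const UPLOAD_DIR = __DIR__ . '/upload/';  // hypothetical target directory

function validate_upload(array $file, string $dir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    // Only touch a file that PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Check 1: size, measured on disk rather than taken from the client.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size >= MAX_BYTES) {
        throw new RuntimeException('File must be smaller than 350 KB.');
    }
    // Check 2: JPEG, judged from content, not the client-supplied MIME type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'image/jpeg') {
        throw new RuntimeException('Only JPEG images are accepted.');
    }
    // Drop any path component, restrict the character set, force ".jpg".
    $stem = pathinfo(basename($file['name']), PATHINFO_FILENAME);
    $stem = (string) preg_replace('/[^A-Za-z0-9_-]/', '_', $stem);
    if ($stem === '') {
        throw new RuntimeException('Invalid file name.');
    }
    $target = $dir . $stem . '.jpg';
    // Check 3: never overwrite a file that already has this name.
    if (file_exists($target)) {
        throw new RuntimeException('A file with that name already exists.');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $target = validate_upload($_FILES['uploaded_file'] ?? [], UPLOAD_DIR);
        if (!move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $target)) {
            throw new RuntimeException('Could not store the file.');
        }
        echo 'Stored as ' . htmlspecialchars(basename($target));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

The existence check and the move are separate steps, so two simultaneous uploads of the same name can still race; generating the stored name on the server avoids that.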