[eluser]Myles Wakeham[/eluser]
Here's what I do (take from it what you will)...
Images are uploaded by user to a path accessible to PHP. On receipt, I create a record of the image in a database and store its original name in the db row. This is just an index. I take the sequence number generated by the DB and replace the filename (leaving the original extension) with it, and come up with a new name (ie. 123.jpg).
I then move the original uploaded image, to a place that I want it. Keep in mind, I'm a big believer in basedir security, so I keep the basedir range limited to protect my site from hack attempts.
After moving the file, I remove the original from its upload path. I then replace all references to the image to its new file name. This renaming guarantees unique file names on the server, since I can't control if 2 users upload the same 'car.jpg' file, or whatever.
It works fine. The real benefit is basedir security. If you saw the number of hack attempts on my code before this was introduced, it would blow your mind....
Myles