[eluser]jedd[/eluser]
If you use the names of the file as given to it by the end-user, you are buying yourself a lot of work.
You need to cope with sanitising their input, you need to ensure that the filename they've given is compatible with your file system (and writing code that is subsequently portable between NTFS and any *nix file system is .. potentially challenging). You need to handle clashes - not just per user - so you can't just create a directory for each user ID and put their files in there, as they may upload, on separate occasions, two files with the same name (but different content). For example - I have 225 different index.php files on this computer. You need to track the original filename they gave you (so they can identify the file) as well as the filename you had to store the thing to disk with (to avoid clashes, to comply with your FS limitations, to remove slashes or backslashes or backticks or multiple dots, etc). So you're effectively going to be storing the real filename in a table somewhere, as well as the filename you've munged up in order to stick the thing into your filesystem.
Thus you are ineluctably led towards the conclusion that if you're going to use a munged name, then you should use one that's consistently formatted, effectively guaranteed to be unique, and absolutely safe on any file system (even vfat).
You can guess what I'm going to say next, can't you?
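The scheme argued for above, as an added example that is not part of the original post: the user's filename is kept only as metadata, and the file goes to disk under a random, fixed-format name. The 16-random-byte hex name, the function `store_upload()`, the in-memory `$index` (standing in for a database table) and the sample uploads are all assumptions made for illustration.

```php
<?php
// Added example, not from the post. store_upload() and $index are hypothetical;
// a real application would keep this mapping in a database table.

/**
 * Save uploaded bytes under a random, fixed-format name and record the
 * user's original filename as metadata only. Returns the storage name.
 */
function store_upload(string $dir, array &$index, int $userId, string $origName, string $bytes): string
{
    do {
        // 32 lowercase hex chars: no separators, dots, spaces or case
        // sensitivity issues on any file system.
        $stored = bin2hex(random_bytes(16));
        $path = $dir . DIRECTORY_SEPARATOR . $stored;
        // 'x' mode refuses to open an existing file, so a clash can never
        // overwrite someone else's upload; retry only in that case.
        $fh = @fopen($path, 'xb');
    } while ($fh === false && file_exists($path));
    if ($fh === false) {
        throw new RuntimeException("cannot create a file in $dir");
    }
    fwrite($fh, $bytes);
    fclose($fh);

    // The original name never becomes part of a path; it is display data.
    $index[$stored] = ['user_id' => $userId, 'original_name' => $origName];
    return $stored;
}

// Constructed sample input: same user, same filename twice, plus a name
// containing the characters the post lists as troublesome.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$index = [];

store_upload($dir, $index, 7, 'index.php', 'first version');
store_upload($dir, $index, 7, 'index.php', 'second version');
store_upload($dir, $index, 7, 're`port/..\\final..doc', 'report body');

foreach ($index as $stored => $meta) {
    // Escape the original name whenever it is shown back to a user.
    printf("%s  user=%d  original=%s\n", $stored, $meta['user_id'],
        htmlspecialchars($meta['original_name'], ENT_QUOTES));
}
```

Both `index.php` uploads end up as separate files, and the awkward third name needs no sanitising for storage because it is never used as a path.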