My way ...
writeable directory
1. Check who the user is ... are they allowed to upload?
2. RTFM (blunt but ... )
PHP: Handling file uploads - Manual. It gives you pretty much everything you need to know.
3. I don't recommend storing files within the database. The overhead of all that data being read from the database is pretty crazy. It bloats your database, it isn't friendly, and you've got to write scripts to handle files and do a lot of unnecessary crap.
4. Your database should contain a table giving userID, Filename, validated
And away you go ...
Store the files outside of your root web folder, preferably. If memory serves correctly, you want to use fpassthru or similar to grab the files. This is assuming, of course, the files are "sensitive".
Other steps...
Limit the file size they are allowed to upload.
You could try checking the extension of the files they upload.
Then you could try to determine if it's an image with the getimagesize function ... if it's not ... junk it ... and report the error ...
PHP: getimagesize - Manual
Hope that's of some help ...
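
The checks listed in the post above, put together as an added example that is not part of the original post. `UPLOAD_DIR`, `MAX_BYTES`, the allowed image types and the function names `store_upload` and `send_upload` are assumptions made for illustration; the permission check (step 1) and the database row (step 4) are left to the caller.

```php
<?php
// Assumed location outside the web root; adjust to your layout.
const UPLOAD_DIR = '/var/app-uploads';
const MAX_BYTES  = 2 * 1024 * 1024;   // size limit chosen for this example
const ALLOWED    = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

// Validate one entry of $_FILES and move it out of the temp area.
// Returns the stored name to record in the database, or throws.
function store_upload(array $file, int $userId): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, code ' . ($file['error'] ?? -1));
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('file too large or not an HTTP upload');
    }
    // The client-supplied extension is only a first filter; never trust it alone.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'jpeg') { $ext = 'jpg'; }
    // getimagesize() returns false when the header is not a recognised image. It does
    // not prove the rest of the file is harmless, hence the storage rules below.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED[$info[2]]) || ALLOWED[$info[2]] !== $ext) {
        throw new RuntimeException('not an accepted image');
    }
    // Server-generated name: the original filename never reaches the filesystem.
    $stored = sprintf('%d_%s.%s', $userId, bin2hex(random_bytes(16)), $ext);
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

// Stream a stored file to a user who has already passed the permission check.
function send_upload(string $stored): void
{
    $path = UPLOAD_DIR . '/' . basename($stored);   // basename() blocks ../ traversal
    $info = is_file($path) ? @getimagesize($path) : false;
    if ($info === false) { http_response_code(404); return; }
    header('Content-Type: ' . $info['mime']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    $fh = fopen($path, 'rb');
    fpassthru($fh);
    fclose($fh);
}
```

Record the returned name alongside the userID and the validated flag, and call `send_upload()` only after looking that row up for the requesting user.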