There are a few issues here. The biggest is that you are accepting someone elses name for the file you will be storing. If they give you a deliberately wrong filename they could overwrite important files on your system. Never allow a user to write to any old filename! Have your script pick the filename to save to, then save the users filename (description) in another file, or a database or something.
You also have the potential to have your images cut off halfway through if the maximum POST size is set too small in your webserver.
Also your script doesn't appear to have any sort of log in feature, so a naughty user could just upload thousands of files and fill up your server, and you wouldn't be able to stop them.
____________________
Jeremy
I didn't believe in evil until I dated it.