Use secure practices when handling file uploads to prevent malicious activities such as file system manipulation or malicious code execution. Follow these steps:

1. Validate uploaded files using $_FILES['userfile']['type'] to ensure they are of a safe type.
2. Sanitize the file name and store files in a non-public directory.
3. Generate a unique name using bin2hex(random_bytes(16)).
4. Limit access so that users can only see their own files.

Here's an example code snippet:

$filename = bin2hex(random_bytes(16)) . '.' . pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$directory = 'uploads/';
$upload = ($directory . $filename);
move_uploaded_file($_FILES['file']['tmp_name'], $upload);