Implementing your own upload form like this can be a major security vulnerability; you might want to instead use a library/script where such potential issues are already dealt with properly.
Here is one I remember using successfully on a project for a similar purpose (user-uploaded video). Though it may be more than what you need, it does have more examples and documentation than a simplified web example: Plupload
EDIT: I just remembered that was actually my fallback uploader for that project; the main one used was Resumable.js, as it supports file resuming for large files (very handy for video uploads!)