You're asking a lot of questions here.
If you want to make sure no files get over-written, you need to alter your script to generate unique filenames for each file that gets uploaded. A good function for this is [man]uniquid[/man]. Or, you might be able to just use the tmp_name given to the file when it is originally uploaded. If you want to remember what the uploaded file's name is originally, you will need to store the original names and the new unique filename together in a database.
If you want to check if the file is jpeg or gif, there are a couple of ways that come to mind. There are some tools that let you get information about a file which may or may not be available on your machine:
http://www.php.net/Fileinfo
http://pear.php.net/package/MIME_Type
You could use those to find out more about the uploaded file and screen them based on the results.
Another thing I've done frequently is use the function [man]getimagesize[/man] and if it returns FALSE i know the file is not an image. If it returns an array, then I can check the array to make sure its an acceptable image type. You can also put an 'accept' attribute in your form to limit file uploads to certain mime types. You can't trust the browser to tell the truth about a mime type, but it could be useful to prevent unecessary uploads if your visitors use well-behaved browsers.
To prevent enormous file uploads, you can specify a size limit in the form itself by using a hidden input with name MAX_FILE_SIZE. PHP also has a built-in size limit for uploaded files. And finally, you can use the [man]filesize[/man] function in your script to check the file yourself.
I'd recommend reading this.
