I use the following code to save a uploaded file on server:
If the file uploaded by Firefox, the fileName contains only file name.
If the file uploaded by IE, the fileName contains absolute path on client's computer which may exposes security threat.