Ejemplo inicial
$name = md5_file( $_FILES['fileToUpload']['tmp_name']); //en el caso de subir un array $_FILES["fileToUpload"]["tmp_name"] = array()

$target_file = "upload/" . $name; 

if(is_uploaded_file($_FILES['fileToUpload']['tmp_name'])
  move_uploaded_file($tmp_name, $target_file);


#Se deben guardar los datos del archivo (nombre y extension principalmente) y al descargar renombrarlo: < a href="upload/a68a72d5abdb040c7b279c707ed5477e" download="name.ext">Descargar< /a>

Detalle de $_FILES
$_FILES['userfile']['name'] //original name
$_FILES['userfile']['type'] //mime type
$_FILES['userfile']['size'] //size
$_FILES['userfile']['tmp_name'] //temporary filename
$_FILES['userfile']['error'] //errores
Métodos adicionales
file_exists($target_file); //verificar si existe archivo

getimagesize($_FILES["fileToUpload"]["tmp_name"]); //tamaño de imagen (adicionalmente sirve para saber si un archivo subido es una imagen)

pathinfo($path) //informacion del archivo
Detalle de método pathinfo()
$partes_ruta = pathinfo('/www/htdocs/inc/lib.inc.php');

echo $partes_ruta['dirname'], "\n";
echo $partes_ruta['basename'], "\n";
echo $partes_ruta['extension'], "\n";
echo $partes_ruta['filename'], "\n";
Subida de archivos con verificación de errores
header('Content-Type: text/plain; charset=utf-8');

try {
    
    // Undefined | Multiple Files | $_FILES Corruption Attack
    // If this request falls under any of them, treat it invalid.
    if (
        !isset($_FILES['upfile']['error']) ||
        is_array($_FILES['upfile']['error'])
    ) {
        throw new RuntimeException('Invalid parameters.');
    }

    // Check $_FILES['upfile']['error'] value.
    switch ($_FILES['upfile']['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            throw new RuntimeException('No file sent.');
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('Exceeded filesize limit.');
        default:
            throw new RuntimeException('Unknown errors.');
    }

    // You should also check filesize here. 
    if ($_FILES['upfile']['size'] > 1000000) {
        throw new RuntimeException('Exceeded filesize limit.');
    }

    // DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!
    // Check MIME Type by yourself.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if (false === $ext = array_search(
        $finfo->file($_FILES['upfile']['tmp_name']),
        array(
            'jpg' => 'image/jpeg',
            'png' => 'image/png',
            'gif' => 'image/gif',
        ),
        true
    )) {
        throw new RuntimeException('Invalid file format.');
    }

    // You should name it uniquely.
    // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
    // On this example, obtain safe unique name from its binary data.
    if (!move_uploaded_file(
        $_FILES['upfile']['tmp_name'],
        sprintf('./uploads/%s.%s',
            sha1_file($_FILES['upfile']['tmp_name']),
            $ext
        )
    )) {
        throw new RuntimeException('Failed to move uploaded file.');
    }

    echo 'File is uploaded successfully.';

} catch (RuntimeException $e) {

    echo $e->getMessage();

}
Clase de Excepción para el manejo de errores de subida de archivos
class UploadException extends Exception 
{ 
    public function __construct($code) { 
        $message = $this->codeToMessage($code); 
        parent::__construct($message, $code); 
    } 

    private function codeToMessage($code) 
    { 
        switch ($code) { 
            case UPLOAD_ERR_INI_SIZE: 
                $message = "The uploaded file exceeds the upload_max_filesize directive in php.ini"; 
                break; 
            case UPLOAD_ERR_FORM_SIZE: 
                $message = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"; 
                break; 
            case UPLOAD_ERR_PARTIAL: 
                $message = "The uploaded file was only partially uploaded"; 
                break; 
            case UPLOAD_ERR_NO_FILE: 
                $message = "No file was uploaded"; 
                break; 
            case UPLOAD_ERR_NO_TMP_DIR: 
                $message = "Missing a temporary folder"; 
                break; 
            case UPLOAD_ERR_CANT_WRITE: 
                $message = "Failed to write file to disk"; 
                break; 
            case UPLOAD_ERR_EXTENSION: 
                $message = "File upload stopped by extension"; 
                break; 

            default: 
                $message = "Unknown upload error"; 
                break; 
        } 
        return $message; 
    } 
} 

// Use 
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { 
//uploading successfully done 
} else { 
throw new UploadException($_FILES['file']['error']); 
} 
Fuente

https://www.w3schools.com/php/php_file_upload.asp
http://php.net/manual/es/reserved.variables.files.php