The quickest way of protecting yourself from attacks would be to make the PHP check the IP of the incoming connection and ignore it if it isn't your own - presuming yours is a moderately static IP.
You could have it email you if a bad IP tried using the upload script, that way you'd know when your IP changes.
IP is a $_SERVER variable, mail is easy to do in PHP.
There are various ways to make data 'safe'. I'm at work and the internet is really slow here so I can't check, but there are commands like htmlentities, I think there may be a striptags, you can also use str_replace to change your field delimiter to something else (so you'd change ' and " for something else (such as their Unicode equivalent or you could remove them altogether)).
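A sketch of the check described above, added as an example and not part of the original post: the upload script refuses any caller whose address is not on an allowlist, mails an alert, and escapes submitted text with htmlentities on output. The allowed address, the alert mailbox, the `caption` field and the helper names are constructed placeholders.

```php
<?php
// Added example. ALLOWED_IPS and ALERT_TO are constructed placeholders.
const ALLOWED_IPS = ['203.0.113.10'];
const ALERT_TO    = 'admin@example.com';

// True only when $remote is a well-formed IP equal to an allowed entry.
// Comparing packed forms avoids mismatches between textual IPv6 spellings.
function ip_is_allowed(string $remote, array $allowed): bool
{
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $packed = inet_pton($remote);
    foreach ($allowed as $ip) {
        if (inet_pton($ip) === $packed) {
            return true;
        }
    }
    return false;
}

// Escape a stored field for HTML output, quotes included.
function safe_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// REMOTE_ADDR is the TCP peer as seen by the web server. Client-supplied
// headers such as X-Forwarded-For are not used for this decision.
$remote = $_SERVER['REMOTE_ADDR'] ?? '';

if (!ip_is_allowed($remote, ALLOWED_IPS)) {
    // At most one alert per address per hour, so the mailbox is not flooded.
    $marker = sys_get_temp_dir() . '/upload_alert_' . hash('sha256', $remote);
    if (!is_file($marker) || time() - filemtime($marker) > 3600) {
        touch($marker);
        mail(ALERT_TO, 'Upload script: blocked IP', "Blocked request from: {$remote}\n");
    }
    http_response_code(403);
    exit;
}

// Allowed caller: the upload handling would run here. Any submitted text is
// escaped at the point where it is written into a page.
$caption = $_POST['caption'] ?? '';   // hypothetical form field
echo safe_html($caption);
```

If the site sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the check has to run where the real peer address is visible.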