Usually the upload section is separated and, if you do it with PHP, you can control where the file will be stored.
The section where images reside is set to not executable.
You name the file as you like - for instance, make all images JPG, resize them before you store them, etc.
For those operations you can use the GD library of PHP.
You can limit the size a user can upload.
Even when you store the image in a blob field, first the server loads it into a temporary file.
For details, read the PHP manual about the image manipulation methods and commands.
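
The steps described in the post above (size limit, re-encoding to JPG with GD, resizing, a server-chosen file name, a separate storage directory) put together in one handler. This is an added example, not code from the original post; the directory path, the limits and the form field name `image` are assumptions.

```php
<?php
// Added example: all constants and the field name 'image' are assumptions.
const UPLOAD_DIR = '/var/www/uploads/images'; // assumed path; serve it with script execution disabled
const MAX_BYTES  = 2 * 1024 * 1024;           // assumed upload limit (2 MiB)
const MAX_SIDE   = 1600;                      // assumed longest side after resizing, in pixels
const MAX_PIXELS = 10000;                     // assumed cap per dimension before decoding

function store_uploaded_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    // PHP has already written the upload to a temporary file; check that file, not client claims.
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('not an upload or file too large');
    }
    // Read dimensions from the header first, to bound memory use while decoding.
    $info = getimagesize($tmp);
    if ($info === false || $info[0] > MAX_PIXELS || $info[1] > MAX_PIXELS) {
        throw new RuntimeException('not an image or dimensions too large');
    }
    // Decode with GD: data that does not parse as an image is rejected here.
    $src = @imagecreatefromstring(file_get_contents($tmp));
    if ($src === false) {
        throw new RuntimeException('unsupported image data');
    }
    // Shrink so the longest side is at most MAX_SIDE (never enlarge).
    $w = imagesx($src);
    $h = imagesy($src);
    $scale = min(1.0, MAX_SIDE / max($w, $h));
    $dst = imagescale($src, max(1, (int) round($w * $scale)), max(1, (int) round($h * $scale)));
    if ($dst === false) {
        throw new RuntimeException('resize failed');
    }
    // The server picks the name and extension; the client-supplied name is never used.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    // Re-encoding writes fresh pixel data, so the stored file is always a plain JPEG.
    if (!imagejpeg($dst, UPLOAD_DIR . '/' . $name, 85)) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}

if (isset($_FILES['image'])) {
    echo store_uploaded_image($_FILES['image']);
}
```

The `upload_max_filesize` and `post_max_size` settings in php.ini cap the request before this code runs; the check in the function is a second, application-level limit.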