On my site run from home ( I have a script to upload images shown below.

// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of
// $_FILES. In PHP earlier then 4.0.3, use copy() and is_uploaded_file()
// instead of move_uploaded_file

$uploaddir = '/usr/local/apache2/htdocs/uploads/';
$imgtype = $_FILES['userfile']['type'];
$uploadfile = $uploaddir. $_FILES['userfile']['name'];

print "<pre>";
if($imgtype == "image/x-png" || $imgtype == "image/pjpeg" || $imgtype == "image/gif"){
if (move_uploaded_file($_FILES['userfile']['tmp_name'
], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
} else {
print "upload failed. Please use .png, .gif, .jpeg, or .jpg";
else {
print "upload failed. Please use .png, .gif, .jpeg, or .jpg";
print "</pre>";

today I looked in the folder which it uploads to and there were two php files. Coppermine.php adn Coppermine.jpg.php. I was wondering if there was a flaw in my code. There probably is because I don't even know php, I just kindof guessed at what is shown above. Anyways, I deleted the two files and then tested from my comp trying to upload a .php and it denied me like it was supposed to.
What do you all think happened? I know I didn't put those files there. It was probably someone from this site because it is the only place with a link to my site.
Can someone enlighten me as to what happened here.
Thanks for any help, it is appreciated more than you know.