image security

I noticed that when dealing with a file based image, that there is a "browse" button next to the field. I found out that it isn't secure, because I browsed to the folder containing all the php files and could open one with wordpad. However if I try to add an image, and just type in an image name I get an error. You have to browse for the file name to edit or add a new record. Is there a way to avoid this browse, and just enter the file name? For example, my images are in upload/ and let's suppose one is named bobby.jpg. How can I do away with the browse button and just enter bobby.jpg in that field? I am using thumb nails also. Also, the who;e path to images is http://localhost/pets/upload/. So a pet named rover image is at