nheimann1

Reputation: 2398

PHP move_uploaded_file, what security does it provide

Wherever I look for the difference between the PHP functions rename and move_uploaded_file, it always says that the difference is that move_uploaded_file has some security features.

My questions are:

  1. What are those security features, and what happens if I don't use it?
  2. In case I can't use it (I did an upload but not through POST) and so have to use the rename function, what security measures do I need to take?

Thanks.

Edit
@Pekka asked me to elaborate on how I plan to upload the file. I'm going to upload files through Ajax, and I have a queue feature for uploading multiple files. Therefore I'm using the php://input stream.

If I understand Pekka's answer correctly, I have nothing to worry about since I'm getting the file as a stream and I'm not copying any temp file. Please correct me if I'm wrong.

Upvotes: 1

Views: 1673

Answers (1)

Pekka

Reputation: 449525

The background of this was an ancient, pretty bad vulnerability (in the early 2000s) in which, instead of uploading an actual file, you could overwrite the tmp_file path with a local file path, leading to that local file being treated as the upload instead of the real uploaded file. (There was no $_FILES array back then.)

So for example, when uploading an avatar, the script would copy() the system file you specified (say, a configuration file ../../super_secret/config.php or a .htpasswd) to a public location and try to display it as the avatar image in an <img> tag.

Strangely, I'm unable to find any specific info on this vulnerability (I've searched a number of times already over the past couple of years), but I know for a fact it existed because I tested it myself. Any links are welcome.

As to what security measures to take, as said in the comment, I think you need to explain in more detail what kind of alternative file upload you are planning to use.

Upvotes: 5
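The check discussed in this thread, as an added example that is not part of the original question or answer: move_uploaded_file() only acts on a path that PHP itself registered as an HTTP POST upload (the same test is_uploaded_file() performs), while copy() and rename() accept any readable path. The function names `legacy_store` and `checked_store`, the directory layout and the stand-in file are hypothetical and constructed for the demonstration; run it with the PHP CLI, where no upload has taken place.

```php
<?php
// Added example; all paths and names below are constructed for the demo.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Stand-in for a local file that a client-controlled "temp path" could point at.
$sensitive = $dir . '/config.php';
file_put_contents($sensitive, "<?php // constructed stand-in for a secret file\n");

// Legacy pattern: trusts whatever path it is handed as "the temp file".
function legacy_store(string $tmpPath, string $dest): bool
{
    return copy($tmpPath, $dest);
}

// Checked pattern: move_uploaded_file() does nothing and returns false
// unless PHP recorded $tmpPath while parsing a multipart POST upload.
function checked_store(string $tmpPath, string $dest): bool
{
    return move_uploaded_file($tmpPath, $dest);
}

$legacyDest  = $dir . '/avatar_legacy.png';
$checkedDest = $dir . '/avatar_checked.png';

$results = [
    'is_uploaded_file(source)'      => is_uploaded_file($sensitive),
    'legacy copy() succeeded'       => legacy_store($sensitive, $legacyDest),
    'move_uploaded_file() succeeded' => checked_store($sensitive, $checkedDest),
    'checked destination exists'    => file_exists($checkedDest),
];

foreach ($results as $label => $value) {
    printf("%-32s %s\n", $label . ':', var_export($value, true));
}

// Remove the demo files.
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```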
