iccsi,
I'd strongly recommend not allowing files to be uploaded anywhere inside of your web root (i.e.: inside "\inetpub\wwwroot"). This is a major security hole and attack vector. It would allow malicious users to upload executable files or scripts and subsequently execute them from the browser.
Always upload to a folder outside your web root, validate what was uploaded, then move to a folder inside the webroot ***if appropriate***.
-Carl V.