You have already been told how to get the result you want,
but not why it was done this way.
The thought was that the browser sends the actual filename
of what is sent, and that information can be useful, so it
should not be lost. However that name can have any garbage,
and so should not be trusted. Furthermore the name of the
temporary file that has the data should be irrelevant to
you, you just want to get the data and do something with
it.
Therefore the API was chosen so that you can get all of
the information that is relevant to you and the temporary
file is managed without any work on your part. (I also
think that it tends to confuse people to have this magical
thing which can be used as a string or a filehandle both,
but that is how it was done.)