When I upload to my website, how do I make it so that not anyone can get it?? Like i want to upload to www.mysite.com/file etc etc. What keeps peeps from just typing in www.mysite.com/file in the browser window and just steal my file?

In short -- you need authentication. Either username/password, a key passed in the URL, cookie for session, whatever... something that distinguishes the authorized user from the non-authorized one. But don't rely on the referer paramenter, it can be spoofed too easily.

I'm going to use payloads to so peeps can buy stuff from me... I can't have a registered and non registered section. it's gotta be easy etc.

Is it payment, given access, download?

1 file, many files, or ?

Generally, there are scripts that help. Try www.hotscripts.com. I remember there's a ton of them there.