Your question is a bit ambiguous and open ended ... but here goes:
If its your first application using OOP and PDO then upload it and then try and break into it -- do all the things you are not expecting a user to do.
At every place you use GET, POST or COOKIE data force in data that should not be allowed, read up on FIEO.
Review your code again, and check how well you are actually filtering input - then try and attack it again.
For your next project read up on TDD methods for OOP development.