Hi!
I'd like to suggest you to use
CGI::Upload by
rob_au. It's really well written and easy to use, and might prevent you from writing exploitable code. (I've seen some pretty bad upload scripts on a page of a friend last week which could have been exploited pretty easily...). But even with using CGI::Upload you should check your Script carefully and have a look at
b0ilers Hacking-CGI and of course
CGI-Course by ovid. I just tell you the stuff about security because I have made same errors when I started some months ago so I want to prevent others from doing the same :)
giant