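use CGI;
use File::Basename;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Save a file uploaded through the CGI form field "file" into $directory
# under a sanitised, non-colliding name.  $directory is expected to be set
# before this code runs; it is not defined in this snippet.
#
# NOTE(review): nothing here limits how much data a client may send.
# CGI.pm honours $CGI::POST_MAX when it is set before the object is
# constructed -- confirm that the surrounding script sets a cap.
my $cgi = CGI->new;

# $fullfilename is now a filehandle and a string
# containing the uploaded filename.  That name is chosen by the client,
# so it is untrusted input and never used as a path without filtering.
my $fullfilename = $cgi->upload("file");
defined $fullfilename or die "no file was uploaded in field 'file'\n";

# Fixed: the original called basename($fh), but no $fh is ever assigned;
# the name has to come from the upload value itself.
my ($filename, $type) = split /\./, basename("$fullfilename");
$filename = '' unless defined $filename;
$type     = '' unless defined $type;    # names without a dot have no type

####
# untaint filename and type
# Strip everything outside a conservative allow-list first; this removes
# path separators, dots, whitespace and shell metacharacters.
$filename =~ s/[^A-Za-z0-9_-]//g;
$type     =~ s/[^A-Za-z0-9_-]//g;

# s/// on its own does not clear Perl's taint flag; only values taken from
# a capture group are untainted, so re-extract through an anchored match.
($filename) = $filename =~ /\A([A-Za-z0-9_-]*)\z/;
($type)     = $type     =~ /\A([A-Za-z0-9_-]*)\z/;

# Fall back to fixed names so that an all-filtered input still produces a
# well-formed path instead of "0." or similar.
$filename = 'upload' if $filename eq '';
$type     = 'dat'    if $type eq '';

# NOTE(review): the extension is still chosen by the client.  If
# $directory is served or executed by the web server, restrict $type to an
# allow-list of expected extensions.

# create a unique file in my desired $directory:
# The original tested -e and opened the file afterwards, which leaves a
# window in which another request can create the same name.  O_EXCL makes
# "create only if absent" a single atomic step (and refuses to follow a
# pre-planted symlink), so this won't write over anything else.
my $i = 0;
my $newfilename;
my $out;
while (1) {
    $newfilename = "$directory/$filename$i.$type";
    last if sysopen $out, $newfilename, O_WRONLY | O_CREAT | O_EXCL;
    die "cannot create $newfilename: $!\n" unless $!{EEXIST};
    $i++;
}

# Write contents of uploaded file to $directory
# Fixed: the original read from <$filename> (the sanitised name string,
# not the upload handle) with $/ = "", which is paragraph mode rather
# than slurp mode.  Copy from the upload handle in fixed-size chunks, in
# binary mode on both sides so the bytes are stored unchanged.
binmode $fullfilename;
binmode $out;
my $buffer;
while (1) {
    my $got = read $fullfilename, $buffer, 65536;
    defined $got or die "read from upload failed: $!\n";
    last if $got == 0;
    print {$out} $buffer or die "write to $newfilename failed: $!\n";
}
close $out or die "$!";

####
# This looks like a separate snippet showing another way to obtain the
# last path component of the client-supplied name -- TODO confirm.
# The original reverse/split/reverse idiom split on "/" only, so a
# Windows-style client path containing backslashes came through whole;
# match the trailing run of characters that is neither separator instead.
my $fullfilename = $cgi->upload("file");
my ($filename) = "$fullfilename" =~ m{([^/\\]*)\z};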