# untaint filename and type
$filename =~ s/[^A-Za-z0-9_-]//g;
$type =~ s/[^A-Za-z0-9_-]//g;

          # create a unique file in my desired $directory:
my $i = 0;
while(-e "$directory/$filename$i.$type")
{
    $i++;
}
          # this won't write over anything else.
my $newfilename = "$directory/$filename$i.$type";

          # Write contents of uploaded file to $directory
open(FILE, "> $newfilename") or die "$!\n";
{
     local $/="";
     my $uploaded = <$filename>;
     print FILE $uploaded;
}
close FILE or die "$!";