To be safe, use the upload() function (new in version
    2.47).  When called with the name of an upload field,
    upload() returns a filehandle, or undef if the parameter
    is not a valid filehandle.

            $fh = $query->upload('uploaded_file');