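#!/usr/bin/perl -w
#
# CGI upload handler.
#
# Reads two request parameters:
#   filename - name to store the upload under (letters, digits, underscore)
#   upfile   - the uploaded file itself
# The upload is copied to $SAVE_DIRECTORY/<filename>, replacing any file of
# that name, and the number of bytes written is reported in the response.
# Every failure ends the request through die().

use strict;
use warnings;
use CGI qw(:standard);

# NOTE(review): fatalsToBrowser sends every die() message below, including
# the OS error text, to the client. Useful while debugging; consider
# logging server-side only in production.
use CGI::Carp 'fatalsToBrowser';
use Fcntl qw(:DEFAULT :flock);

$CGI::DISABLE_UPLOADS = 0;           # uploads are explicitly enabled
$CGI::POST_MAX        = 52428800;    # request body cap: 50 MiB

# NOTE(review): /tmp is world-writable, so another local user can create a
# target name first (a symlink, for instance) and the open below will follow
# it. A directory writable only by the web server is the safer choice.
my $SAVE_DIRECTORY = "/tmp";

my $query = CGI->new;

my $filename = $query->param("filename") or die "no filename";

# The name is used as a path component, so accept nothing but a fixed ASCII
# set. \A and \z anchor the whole string: with ^...$ a name ending in "\n"
# would still match, because $ also matches before a trailing newline.
die "bad filename" unless $filename =~ m/\A[A-Za-z0-9_]+\z/;

my $fh = $query->upload("upfile") or die "no file";

# Open without truncating, take an exclusive non-blocking lock, and only
# then truncate: two requests for the same name can no longer interleave
# their writes; the second one fails instead. sysopen also removes the
# mode-in-filename parsing of two-argument open.
my $target = "$SAVE_DIRECTORY/$filename";
sysopen(my $out, $target, O_WRONLY | O_CREAT) or die "open failed ($!)";
flock($out, LOCK_EX | LOCK_NB) or die "file busy ($!)";
truncate($out, 0) or die "truncate failed ($!)";
binmode $out;

# Copy in 1 KiB chunks. $size starts at 0 so that an empty upload does not
# trigger an "uninitialized value" warning in the final comparison.
my $size = 0;
my ($bytes, $buffer);
while ($bytes = read($fh, $buffer, 1024)) {
    $size += $bytes;
    print {$out} $buffer or die "write failed ($!)";
}

# read() returns undef on error and 0 at end of file; only undef is fatal.
die "read failure ($!)" unless defined($bytes);

# Buffered write errors (disk full, quota) surface at close.
close($out) or die "close failed ($!)";

print $query->header;

# An empty upload leaves an empty file and a response with headers only.
print "$filename uploaded: $size bytes" if $size > 0;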