To be safe, use the upload() function (new in version 2.47).  When called with the name of an upload field, upload() returns a filehandle, or undef if the parameter is not a valid file-
       handle.