# ...

use CGI; my $q = new CGI;

my $namecover = check_input( $q->param("cover") );

my $photocover = $q->upload("cover");

$namecover = lc $namecover; 

my ($radical, $extension) = split (/\./, $namecover); 

$namecover_system = "$record_id.$extension"; # this record_id comes from the database

$namecover_system = untaint ( $namecover_system ); # the -T switch wouldn´t work without this; the untaint() is a sub I created to untaint the data

open (PHOTO,">../images/covers/$namecover_system") || die $!;

binmode PHOTO;

while (<$photocover>) { 

print PHOTO; 

}

close PHOTO;

# ...