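# Save up to three uploaded files into $upload_dir, recording each saved path
# in @full_filename (a slot stays "" when the matching form field was empty).
#
# NOTE(review): $upload_dir sits under public_html/cgi-bin. If the web server
# serves or executes files from there, uploaded content becomes reachable as a
# script; prefer a directory outside the web root -- confirm server config.
my $upload_dir = "/home/yadayada/public_html/cgi-bin/upload_docs";
my ($base_filename, $untainted_filename);
my @full_filename = ("", "", "");
my @upload_file   = ($file1, $file2, $file3);

# NOTE(review): this result is never read -- the foreach below reuses
# $upload_file as its loop variable. Calling param() with several arguments
# may also assign a parameter rather than read one; confirm and remove.
my $upload_file = param(@upload_file);
my $y = 0;

foreach $upload_file (@upload_file) {
    if (defined $upload_file && $upload_file ne "") {
        # Keep only the part after the last '/' or '\' of the client-supplied
        # name (/s so an embedded newline cannot shield a separator).
        $base_filename = $upload_file;
        $base_filename =~ s{\A.*[/\\]}{}s;

        # Whitelist check; the name is only ever used via the capture, which
        # is also what untaints it under -T. \A/\z reject a trailing newline.
        if ($base_filename =~ m{\A([-\@:/\\\w.]+)\z}) {
            $untainted_filename = $1;
        }
        else {
            # NOTE(review): this echoes the rejected, unvalidated name. If die
            # text is ever shown in the browser, HTML-escape it first.
            die <<"EOT";
Unsuported characters in the filename "$base_filename".
Your filename may only contain alphabetic characters, numbers,
and the characters '_', '-', '\@', '/', '\\', and '.'
EOT
        }

        if ($untainted_filename =~ m/\.\./) {
            die <<"EOT";
Your upload filename may not contain the sequence '..'
Rename your file so that it does not contain the sequence '..', and try again.
EOT
        }

        # Refuse dotfiles: a name such as a per-directory server config file
        # must not be creatable inside a web-served directory.
        if ($untainted_filename =~ m/\A\./) {
            die <<"EOT";
Your upload filename may not start with '.'
Rename your file so that it does not start with '.', and try again.
EOT
        }

        $full_filename[$y] = $upload_dir . "/" . $untainted_filename;

        # Three-argument open with a lexical handle: the mode can never be
        # taken from the file name.
        # NOTE(review): '>' truncates an existing file of the same name, so
        # one upload can overwrite another -- confirm that is intended.
        open(my $out_fh, '>', $full_filename[$y])
            or die("Can't open ($full_filename[$y]): $!");
        binmode $out_fh;    # uploads are copied as raw bytes

        {
            # Read fixed-size records instead of "lines", so a binary file
            # without newlines is not pulled into memory in one piece.
            local $/ = \65536;
            while (defined(my $chunk = <$upload_file>)) {
                print {$out_fh} $chunk
                    or die("Can't write ($full_filename[$y]): $!");
            }
        }

        # Buffered write errors (e.g. disk full) only surface at close.
        close($out_fh)
            or die("Can't close ($full_filename[$y]): $!");
    }
    $y++;    # advance the slot index even for empty fields
}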