But when i do use CGI.pm and I upload any file from the local windows machine, my application now grabs the whole path of the file (example C:\docs\test.txt). It obviously omits the backslashes(\)used in the windows path for the file and the application ends up with a file called C:docstest.txt.

I'm not sure what you're saying here. I think that you're saying that CGI.pm gives you the full filename eg "C:\docs\test.txt" and you just want "test.txt". Is that correct?

Assuming that I'm right, you might consider using the File::Basename module that comes standard with Perl. So your script might have code that looks kinda like the following.

use CGI;
use File::Basename;

my $cgi = new CGI;
          # $fullname is now a filehandle and a string
          # containing the uploaded filename.
my $fullfilename = $cgi->upload("file");

my ($filename, $type) = split '\.', basename($fh);
[download]

An example of how you might use the above is to add something like this below it:

          # untaint filename and type
$filename =~ s/[^A-Za-z0-9_-]//g;
$type =~ s/[^A-Za-z0-9_-]//g;

          # create a unique file in my desired $directory:
my $i = 0;
while(-e "$directory/$filename$i.$type")
{
    $i++;
}
          # this won't write over anything else.
my $newfilename = "$directory/$filename$i.$type";

          # Write contents of uploaded file to $directory
open(FILE, "> $newfilename") or die "$!\n";
{
     local $/="";
     my $uploaded = <$filename>;
     print FILE $uploaded;
}
close FILE or die "$!";
[download]

Of course, you might want to be doing something else with your uploaded data, so go ahead.

You might be tempted to do this another way. For example you could do this:

my $fullfilename = $cgi->upload("file");

my $filename = reverse((split(/\//,                
                             reverse($fullfilename)))[0]);
[download]

and then $filename would have everything beyond your last /. Of course TMTOWTDI. Keep in mind that the first solution I have offered is somewhat more portable though. ;)

Hope this helps.

jarich

Update:added in " marks to make it compile. *blush*. Changed called to fileparse to basename and split as fileparse doesn't seem to work as expected in many cases. Added in taint checking for filename in example use.