Good to see you using -wT, Strict and CGI. That's a good start to this problem.
There are a few things that may help your situation.
- You have correctly turned taint checking on, but haven't actually de-tainted any data. Unless you clean up user input (the form stuff), Perl will refuse to use it - you should find your server's log is full of error statements.
- CGI has a nice way to control upload files built in to it, which is better than your counting trick. You count the data after the server has it, which is a bit late.
- You don't have to, but CGI has nice routines to deal with printing your HTML out for you, it won't fix your problems, but it will make your life easier in the long run.
- You may find that adding use CGI::Carp helps too, as it will send more sensible errors to your server.
At first glance I'd bet you're getting 500 Server errors as you're trying to use tainted data to open and write to a file. Have a look in your server log to confirm this, then have a look at:
- perlsec - to see how you can de-taint data and make it safer to use.
- cgi - to control file size uploads eg $CGI::POST_MAX = 64 * 1024; for 64k maximum, and to do pretty HTML printout see Re: Writing a simple posting script which can be used via the web for a recent example.
- Have a look at various CGI Upload scripts in Q&A QandASection: CGI programming and other locations; it's a popular topic.
- CGI::Carp - If you use this you can send nice error messages to the server logs, and if you use the fatalsToBrowser during development, you can even get feedback in your browser. Instead of exit; you can say die "Serious problem $!"; or whatever is useful.
This is a small start, I expect you'll get lots of other tips as well, good luck!
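The points in the reply above, put together as an added example that is not part of the original post or the poster's script: an upload handler that caps the request size with $CGI::POST_MAX, de-taints the client-supplied filename with a capturing regex as perlsec describes, and reports failures through CGI::Carp. The form field name `upload` and the directory `/var/www/uploads` are assumptions.

```perl
#!/usr/bin/perl -wT
use strict;
use CGI;
use CGI::Carp;    # add qw(fatalsToBrowser) during development only
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Cap the request body before CGI.pm parses it (64k, as in the post).
$CGI::POST_MAX = 64 * 1024;

# Assumed storage directory; it should not be served or executable by the web server.
my $UPLOAD_DIR = '/var/www/uploads';

my $q = CGI->new;

# An oversized POST is rejected by CGI.pm and surfaces through cgi_error().
if ( my $err = $q->cgi_error ) {
    print $q->header( -status => $err ), $q->start_html('Upload failed'),
        $q->p('Upload rejected.'), $q->end_html;
    exit;
}

# The filename sent by the client is tainted. Accept only the final path
# component, and only if it is made of a conservative character set; the
# captured group is what Perl treats as untainted.
my $raw = $q->param('upload');
defined $raw or die "No file supplied";
my ($name) = $raw =~ m{(?:^|[\\/])([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z}
    or die "Unacceptable filename";

my $fh = $q->upload('upload') or die "Upload handle missing";
my $path = "$UPLOAD_DIR/$name";

# O_EXCL refuses to overwrite an existing file or write through a planted symlink.
sysopen( my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0640 )
    or die "Cannot create $path: $!";
binmode $out;
binmode $fh;
while ( read( $fh, my $buf, 8192 ) ) {
    print {$out} $buf or die "Write failed: $!";
}
close $out or die "Close failed: $!";

# Escape the name on output even though it has already been validated.
print $q->header, $q->start_html('Upload complete'),
    $q->p( 'Stored as ', $q->escapeHTML($name) ), $q->end_html;
```

Without the capturing match, the sysopen call on a path built from `$raw` dies under -T with an "Insecure dependency" error, which is the 500 error the reply predicts.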