As grep notes, asking how to securely store your files opens up a big can of worms. You can certainly store multi-megabyte chunks of information in mysql, but that's not really the issue. Mysql isn't a way to store things securely anymore than the filesystem is. You probably want to think (read/learn) some about encryption and security in general.

As for file uploads, the Apache::Request module is great. Here's a bit of simple code to handle file uploads in a mod_perl context.

Package UploadDemo;

use Apache::Constants ':common';
use Apache::Request;

sub handler {
  my $r = Apache::Request->new ( shift );
  get_file($r);
}

sub get_file {
  my $r = shift;
  eval {
    # slurp
    local $/ = undef;
    my $upload = $r->upload ( $name_of_file_upload_field );
    my $fh = $upload->fh();
    my $uploaded_string = <$fh>;
    # save
    # ... (save code/call here)
  }; if ( $@ ) {
    $r->log_error ( "upload failed -- $@" );
    return SERVER_ERROR;
  }
  $r->content_type ( "text/plain" );
  $r->print ( "ok -- file was uploaded" );
  return OK;
}
[download]

You'll need to do a little Apache configuration to hook a url to the UploadDemo handler sub, of course. Something like:

  <Location /upload.html>
    SetHandler perl-script
    PerlHandler UploadDemo
  </Location>
[download]

Or, if you're doing this in Mason or some other templating environment, you can strip this code down even a little further, to get the hang of things. I usually prototype this kind of standalone thing in Mason, then flesh it out as a mod_perl module when I'm happy with the logic.

Note that slurping the whole thing into a single scalar will be more memory-intensive than looping over the filehandle a line at a time. The Apache::Request documentation gives more examples and details (including describing a nifty UPLOAD_HOOK that can be defined to -- among other things -- display a progress meter as the file is read in.)

Kwin