I did a quick scan of the current batch of responses and I didn't see anyone mention that __FILE__ (and $0, for that matter) can often contain the full path of the script rather than just the basename. This would prevent all of the fine solutions presented so far from correctly filtering out the script name.

You can fix this via:

    use File::Basename qw( basename );
    my @noshow= ( ".", "..", basename(__FILE__) );
[download]

Also, you appear to be listing all of the files in the directory where the script is located which hints that you might be allowing people to upload files into this directory. For security reasons with CGI scripts, you really don't want anyone to have write access to directories or files that are near the CGI scripts. Your CGI scripts usually end up under a directory named something like cgi-bin. In any case, your CGI scripts will be stored in directories that the web server is configured to run scripts from. And you really don't want to allow people to upload files or write to files in a directory where the web server runs scripts from. A cracker could upload a nasty script and then tell your web server to run it!

If you need to upload files, do it to a special directory that is not under cgi-bin. If possible, put the directory someplace that the web server isn't even configured to look at, for example, some place not under public_html or webroot (the exact name of the root directory for your chunk of the web will vary based on server configuration).

        - tye (but my friends call me "Tye")