I won't tear the code apart, but I highly suggest you do NOT use cgi-lib.pl, but use CGI.pm instead. It does have a 'mode' where you can still use the methods from cgi-lib.pl.
Also, there is a security concern here, as mentioned in another reply. Please take a look at perlsec, use -T (ALL CGI should use -T), and the Untaint.pm module on CPAN.