in reply to RE: Opening a file error
in thread Opening a file error
> Software error:
> Insecure dependency in open while running setgid

which means that your software is doing something good and right. You said earlier that you weren't yet worrying about security in your scripts... well, you should be happy that you're getting this error, then! It means that at least you have software looking out for your security.
Anyway, if you read perlsec, you'll find that this error is occurring because you're using tainted data--data that's coming from a source external to your program. This is a problem in a CGI environment, because you don't control the input to your script. And in fact, the example you use is a huge security hole.
To untaint your data, you can run it through a regular expression that checks for safe characters, then grab the safe characters and use those for your filename. perlsec has this example:

    if ($data =~ /^([-\@\w.]+)$/) {
        $data = $1;                 # $data now untainted
    } else {
        die "Bad data in $data";    # log this somewhere
    }

So you can do something similar to your $nameoffile variable. Run it through a similar regular expression and then set it to $1.
Read perlsec so that you write secure code.
By the way, you also said this:
> #By the way when I tried to use
> #$nameoffile=$query->param('nameoffile'); it returned the
> #error "..param must be part of some structure..."

That code tries to call the param method on the $query object. You don't have a $query object defined, so you can't call a method on it. Just using param('nameoffile') like you are should work fine.
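As an added example (not the original poster's or this reply's code), the untaint idiom above applied to a CGI parameter in a script running under taint mode; the base directory, the parameter name and the helper name untaint_name are assumptions for the illustration:

```perl
#!/usr/bin/perl -T
# Added example, not the thread's own code: untainting a CGI-supplied
# filename under taint mode before opening it. $base and the parameter
# name 'nameoffile' are assumed for this illustration.
use strict;
use warnings;
use CGI qw(param);

my $base = '/var/www/data';   # assumed fixed directory the script may read from

# Returns the untainted name, or undef when the input does not match the
# allow-list of safe characters. Only the captured $1 counts as clean.
sub untaint_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Same character class as the perlsec example, but the first character
    # may not be a dot, so "." and ".." are rejected and "$base/$name" always
    # names a plain entry inside $base.
    if ($raw =~ /^([-\@\w][-\@\w.]*)$/) {
        return $1;
    }
    return undef;
}

my $nameoffile = untaint_name(scalar param('nameoffile'));
defined $nameoffile or die "Bad data in nameoffile parameter\n";  # log this somewhere

# Three-argument open with an explicit read-only mode, so the mode is fixed
# by the script rather than by anything in the data, and the path is
# rooted in $base.
open(my $fh, '<', "$base/$nameoffile")
    or die "Cannot open $base/$nameoffile: $!\n";
print "Content-type: text/plain\n\n";
print while <$fh>;
close $fh;
```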