There are a number of changes/recommendation's I'd make here.

  1. Always, always, always run under use strict and use warnings.
  2. Use the CGI module's function for printing the HTML header, rather than writing it yourself.
  3. Define all your files & file paths right up front, rather than having them scattered through the file. I haven't done it here, but you might even consider making them constants.
  4. Simplify your regexp, and make sure it does what you mean; anchor it to the end of the string, so it won't match my_file.jpeg.txt.
  5. Use a better system for tracking the file number. The subroutine I've used here is taken from the Perl Cookbook, and uses file locking to prevent two programs (or the same program) from writing to the file at the same time. This is an important consideration anytime you're doing file I/O from the web.
  6. The CGI.pm docs recommend using $cgi->upload for upload fields.

So, finally, here's my code: 

#!/usr/bin/perl

use strict ;
use warnings ;

use CGI ;
use CGI::Carp qw( fatalsToBrowser ) ;
use Fcntl qw( :DEFAULT :flock ) ;

my $cgi = new CGI ;
print $cgi->header ;

my $dir   = "/www/test" ;
my $count = "/www/test/counter.dat" ;
my $file  = $cgi->param( 'file' ) ;

if ( $file =~ /.(jpe?g|gif)$/i )
{
    accept_file( $file, $dir, next_file_number( $count ), $1 ) ;
}
else
{
    print <<"END_OF_MSG" ;
<h1>$file</h1>
Sorry, but you have either not selected a file to upload or you are
trying to upload an invalid picture file.  Only the following file
extensions are supported: /.jpeg/.gif/.jpg.  Please press the 'back'
button below to return to the Upload form.
END_OF_MSG
}

sub accept_file
{
    my ( $file, $path, $file_num, $ext ) = @_ ;
    open FH, ">$path/$file_num.$ext"
      or die "Can't open $path/$file_num.$ext: $!" ;
    binmode FH ;
    while ( <$file> )
    {
        print FH $_;
    }
    close FH ;
}

sub next_file_number
{
    my $counter_file = shift ;
    sysopen FH, $counter_file, O_RDWR|O_CREAT 
                            or die "Can't open $counter_file: $!" ;
    flock( FH, LOCK_EX )    or die "Can't write-lock $counter_file: $!
+" ;
    # Now we have acquired the lock, it's safe for I/O
    my $num = <FH> || 0 ;
    seek FH, 0, 0           or die "Can't rewind $counter_file: $!" ;
    truncate FH, 0          or die "Can't truncate $counter_file: $!" 
+;
    print FH ++$num, "\n"   or die "Can't write $counter_file: $!" ;
    close FH                or die "Can't close $counter_file: $!" ;
    return $num ;
}

[download]

_______________
DamnDirtyApe 
Those who know that they are profound strive for clarity. Those who
would like to seem profound to the crowd strive for obscurity.
            --Friedrich Nietzsche

In reply to Re: upload.cgi my script is bugged by DamnDirtyApe
in thread upload.cgi my script is bugged by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.