It would probably be wise to always declare your variables to a value (even if it's undef)

my ($foo, $bar, $baz) = (undef,'',0);
my $deleteflag = $cgi->param('deleteflag');
[download]

etc. That way, you can guarantee that the values you're going to get will have been generated by this call to the script.