I should note that it does not look like you're using strict.pm, and your printf is adding unnecessary complexity, that line is more clearly written as:

print "File to be deleted: [$fileName]\n";
[download]

You are correct, tilly. I turned off taint checking and now the parameter passing method works. I'll have to look into this a little deeper, since taint checking seems to be something I want to have active.

Thank you all for your quick responses!

PLEASE COME BACK HERE don't, please, run CGIs without -T. As holli said below, someone will pass you "/etc/passwd" as a parameter and you will be hosed. you can unlink the file IIRC if you check it against a regex, like this:

unlink $1 if $fileName =~ /^(\.\.\/\.\.\/20\d{6}\.txt)$/;
[download]

_without_ having to run it insecurely. as a plus, it will only remove the remove-able files.
[]s, HTH, Massa

unlink( $fileName ) or die "Can't unlink $fileName: $!";
[download]

That was my first thought as well. But if it was a permission problem, then neither method would work. unlink() just returns the number of files unlinked, so it returns 1 for the snippet that works and 0 for the snippet that doesn't work, in this case.

So it can't for some reason unlink the file. There are two possibilities: 1. you don't have permissions. 2. the path does not point to the right file (for instance, you're in the wrong current directory).

So what's in "$!" ? I did not put that code there for laughs. Anyone who wonders why some operation on a file didn't succeed and doesn't do a check + print $! gets what (s)he deserves.

"What should it profit a man, if he should win a flame war, yet lose his cool?"

If that isn't the problem you might check for unprintable control-characters in the filename by printing the length of $fileName and check for problems with the current directory by printing $ENV{PWD} or by using an absolute pathname instead of the '../../'