in reply to File Upload - AND hidden values

Howdy, This is a snippet that should give you the idea...
#!/usr/bin/perl -w
use strict;
use CGI;

my $query     = new CGI;
my $go_switch = $query->param('go_switch');

print $query->header;    # header must go out before any output

if ($go_switch) {
    my $file1     = $query->param('file1');
    my $file_type = $query->param('file_type');

    # only allowing images here (defined check keeps -w quiet if the field is missing)
    if (defined $file_type && ($file_type eq "jpg" || $file_type eq "gif")) {
        my $file_mod = "p000001";    # server-chosen name, never taken from the client

        if ($file1) {    # uploads the first file
            my $save_directory = "/var/www/storage/$file_mod.$file_type";
            print "$save_directory<BR>";

            my $BytesRead = 0;
            my $Buffer;
            my $Filename = $file1;
            $Filename =~ s/^\.+//;    # strip leading dots from the client's name (unused below)
            my $File_Handle = $query->param('file1');    # CGI.pm returns an upload filehandle

            # '>' rather than '>>': a second upload must not be appended to the first file
            open (OUTFILE, ">$save_directory") or die "Cannot open $save_directory: $!";
            binmode $File_Handle;    # image data is binary
            binmode OUTFILE;
            while (my $Bytes = read($File_Handle, $Buffer, 1024)) {
                $BytesRead += $Bytes;
                print OUTFILE $Buffer;
            }
            close($File_Handle);
            close(OUTFILE) or die "Cannot close $save_directory: $!";
            chmod (0666, "$save_directory");    # world-writable data file; directory itself is not executable
        }
    }
}
It's not perfect, normally I increment the filename from a datasource and have a broader variety of files I allow, but I feel by setting the file type and name (and putting in places that are not executable just in case) and giving the person uploading absolutely no options at all concerning where it is placed, how it is named, and what the permissions are, I can sleep with only one ear listening for the emergency pager...

A necessary evil in the current environment....:(

EEjack
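An added example (mine, not EEjack's) that carries the same idea one step further: the stored extension comes from the upload's own magic bytes rather than from the file_type form value, so a hidden field edited on the client cannot choose the extension, and the file is created with O_EXCL so a repeat upload can neither overwrite nor append. It assumes CGI.pm's upload() for the handle and a caller-supplied sequence number in place of the fixed "p000001".

```perl
#!/usr/bin/perl -w
use strict;
use CGI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Decide the type from the first bytes of the content, not from the form.
sub type_from_magic {
    my ($head) = @_;
    return 'jpg' if $head =~ /^\xFF\xD8\xFF/;      # JPEG SOI marker
    return 'gif' if $head =~ /^GIF8[79]a/;         # GIF87a / GIF89a
    return;                                        # anything else is rejected
}

# Store the upload under a server-chosen name in a non-executable directory.
# Returns the path on success, undef on rejection (reason in $$err).
sub store_image {
    my ($fh, $dir, $seq, $err) = @_;
    binmode $fh;
    my $head = '';
    read($fh, $head, 8) or do { $$err = 'empty upload'; return };
    my $ext = type_from_magic($head)
        or do { $$err = 'content is not a JPEG or GIF'; return };

    # name and extension are ours; $seq would come from a datasource
    my $path = sprintf('%s/p%06d.%s', $dir, $seq, $ext);

    # O_EXCL: fail rather than touch an existing file; 0644 keeps it non-executable
    sysopen(my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or do { $$err = "cannot create $path: $!"; return };
    binmode $out;
    print $out $head;                              # bytes consumed by the sniff
    my $buf;
    while (my $n = read($fh, $buf, 8192)) {
        print $out $buf;
    }
    close $out or do { $$err = "write failed: $!"; return };
    return $path;
}

my $q = CGI->new;
print $q->header('text/plain');
my $fh = $q->upload('file1');                      # CGI.pm upload handle
if ($fh) {
    my $err;
    my $saved = store_image($fh, '/var/www/storage', 1, \$err);   # seq 1 is a placeholder
    print defined $saved ? "stored as $saved\n" : "rejected: $err\n";
} else {
    print "no file uploaded\n";
}
```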

Re: Re: File Upload - AND hidden values
by Anonymous Monk on Jul 05, 2001 at 12:44 UTC
    I don't understand where the variables are supposed to be... sorry!
    Adam
      Adam,

      Since you are not using CGI.pm (and you should) you need to parse out incoming data.

      But instead of doing that, you should use CGI.pm.

      use strict would be another good thing. -w would be helpful as well.

      EEjack