This reply didn't mention two other things with the original code that should be pointed out. First, you are not using -T (read perlsec and perlrun). Second, you aren't using -w or strict (perldoc strict and perlrun). You should NEVER NEVER NEVER NEVER create a file based on raw user input which you are doing. This is BAD BAD BAD. Learn now before you learn the hard way. You seem to use tr// to help make this safe, but it isn't the best way, and safer programming is better programming. Look at Untaint.pm for untainting of the input and read perlsec, twice. Also, I see no reason why you are using $_. Also, please skim this node but really pay attention to the comments I made on that node following it. It deals with file locking. You have no file locking here, and possibly do not need it, however you should take a look and familiarize yourself with it if you are using text files and not a DB.
swiftone is right about looking at CGI::Carp. It is a great tool for debugging CGI, just add this in your script:

use CGI::Carp qw(fatalsToBrowser);
[download]

and you will get more useful error messages to the browser, most of the time at least :)

Cheers,
KM