I am using the following code:
#!/usr/bin/perl -wT
use strict;
use CGI;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;
my $query = new CGI;
my $filename = $query->param("photo");
my $user_username = $query->param("text_value");
$CGI::POST_MAX = 1024 * 5000;
my $safe_filename_characters = "a-zA-Z0-9_.-";
my $upload_dir = "/" . $user_username;
if ( !$filename )
{
print $query->header ( );
print "There was a problem uploading your photo (try a smaller file).";
exit;
}
my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' );
$filename = "user_pro_pic" . ".png";
$filename =~ tr/ /_/;
$filename =~ s/[^$safe_filename_characters]//g;
if ( $filename =~ /^([$safe_filename_characters]+)$/ )
{
$filename = $1;
}
else
{
die "Filename contains invalid characters";
}
my $upload_filehandle = $query->upload("photo");
open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";
binmode UPLOADFILE;
while ( <$upload_filehandle> )
{
print UPLOADFILE;
}
close UPLOADFILE;
print $query->header ( );
print "$user_username";
print "<script> location.href='http://google.com/' </script>";
Check out Data::FormValidator and for uploads specifically Data::FormValidator::Constraints::Upload .
Data::FormValidator is the way to go handling CGI params validation. You will separate your validation logic into a profile and your custom validation code will shrink to just few lines.