Below is some code I wrote a while back for doing something similar, though not necessarily exactly the same.
Below that is the HTML form, so you can see the enctype entry.
There are some issues with this code, such as the chance of files being overwritten, but this should give you a starting point.
This script also lets the uploader send an email. Of course, this could be abused, so some restrictions on this should probably be put in place.
Relevant thread: Security issues when allowing file upload via CGI.
My post-upload.cgi script:
use CGI qw( :standard escapeHTML );
my $megabyte = 1024 * 1024; # bytes
my $max_mb = 10; # max no. of MB we will allow
$CGI::DISABLE_UPLOADS = 0;
# CGI module variable for en/disabling uploads (non-zero to disable)
$CGI::POST_MAX = $megabyte * $max_mb;
# CGI module variable for maximum upload size (bytes)
my $base_dir = "/var/www/site1/web/";
my $base_dom = "http://www.website.here/";
my $target_dir = "../uploads";
my $directory = $base_dir . $target_dir;
my $sendmail = "/usr/bin/sendmail";
my @sendmail_opts = ( '-oi', '-t' );
$| = 1;
my $query = new CGI;
my @names = $query->param;
my $url = $query->param("URL");
my $fh = $query->upload('upload_file');
my $filename = $query->param('name');
$filename =~ s/[^A-Za-z0-9\.\_]/_/g;
open OUTF, "> $directory$filename" or die;
while ( $bytesread = read $fh, $buffer, 1024 )
print OUTF $buffer;
if ( !$file && $query->cgi_error )
print $query->header( -status => $query->cgi_error );
open MAIL, "| $sendmail @sendmail_opts" or die "Can't fork sendmail: $
"To: ", $query->param("TO"), "\n",
"Subject: ", ( $query->param("SUBJECT") || "mailed form submission
for my $param ( @names )
printf MAIL "%s: %s\n", $para, $query->param($param);
"\n\nThe link to the uploaded file is $base_dom$target_dir$filenam
+e . ",
"It was renamed by the upload script, so you will need to rename i
print $query->redirect( -URL => $url );
My sample upload form (body only):
<form action="/cgi-bin/post-upload.cgi" method="post" enctype="multipa
<!-- hidden inputs -->
<input name="TO" type="hidden" value="firstname.lastname@example.org" />
<input name="URL" type="hidden" value="http://www.website.here/submiss
<input name="SUBJECT" type="hidden" value="From Your Upload Center on
<!-- visible inputs -->
File to send: <input name="upload_file" type="file" size="30" /><br>
Your name: <input name="name" size="42" /><br>
E-mail: <input name="Email" size="42" /><br>
<input type="submit" value="SEND FILE" />
<input type="reset" value="CLEAR" />
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] |