关于CGI的upload()方法

关于CGI的upload()方法
看了下CGI的文档，有以下一段：
More seriously, it is possible for the remote user to type garbage into the upload field, in which case what you get from param() is not a filehandle at all, but a string.To be safe, use the upload() function (new in version 2.47). When called with the name of an upload field, upload() returns a filehandle, or undef if the parameter is not a valid filehandle.
如果页面上的input box里用户输入了一个不存在的路径，比如说 M:\abcd.txt，那么upload的返回值为什么是那个不存在的路径（M:\abcd.txt）呢？是不是说只要是个文件句柄，不管文件存不存在，upload()都返回filehandle？
如果是那样的话，从服务器端可以验证客户端要上传的文件是否存在吗？