$yeardir=$ENV{'QUERY_STRING'};
...
opendir(DIR, "d:/wwwroot/CalvaryBaptist/Sermons/".$yeardir);
##</code><code>##

$yeardir=$ENV{'QUERY_STRING'};
$yeardir=~/^(19|20|21)[0-9]{2}$/ or die "Bad year\n";
...
opendir(DIR, "d:/wwwroot/CalvaryBaptist/Sermons/".$yeardir);

##</code><code>##

$yeardir=$ENV{'QUERY_STRING'};
unless ($yeardir=~/^(19|20|21)[0-9]{2}$/) {
    print "Content-Type: text/plain\r\n\r\n";
    print "Bad year.";
    exit; # <-- important. Don't run into the following code.
}
...
opendir(DIR, "d:/wwwroot/CalvaryBaptist/Sermons/".$yeardir);