sub badinputerror ($) {
  my $q = shift;
  print $q->header('text/plain');
  print <<"EOHTML";
    There was an error with
    your input. Please try again.
EOHTML
  die "input did not pass taint checking\n";
}

sub untaint ($$$) {
  my $q = shift;
  my $name = shift;
  my $re = shift;
  my $tainted = $q->param($name);
  my $untainted = undef;
  
  $untainted = $1 if($tainted =~ m/^($re)$/);
  badinputerror($q) unless($untainted);
  return $untainted;
}
#
# And later on in the code, for example
#

my $username=untaint($q, 'user', "[a-zA-Z][a-zA-Z0-9_]+");