Here's a test to make sure that the data contains nothing but "word" characters (alphabetics, numerics, and underscores), a hyphen, an at sign, or a dot.

    if ($data =~ /^([-\@\w.]+)$/) {
        $data = $1;                     # $data now untainted
    } else {
        die "Bad data in $data";        # log this somewhere
    }
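The test above, exercised under taint mode on several inputs. This is an added example, not code from the original page. The helper name `untaint_word` and the sample inputs are constructed for illustration, and the `\A...\z` anchors and `/a` modifier are a stricter variation on the pattern shown above (`/a` needs Perl 5.14 or later).

```perl
# Run with taint checks on:  perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: $0 and $^X are tainted under -T, and taint
# propagates through expressions, so appending this taints a sample value.
my $TAINT = substr("$0$^X", 0, 0);

# Hypothetical helper: returns the untainted capture, or undef on bad data.
# Same character class as the test above. \A...\z rejects a trailing newline
# that ^...$ would tolerate, and /a restricts \w to ASCII [A-Za-z0-9_].
sub untaint_word {
    my ($data) = @_;
    return unless defined $data;
    return $data =~ /\A([-\@\w.]+)\z/a ? $1 : undef;
}

# Constructed sample inputs.
my @samples = (
    'alice@example.com',     # allowed characters only
    'report-2024.txt',       # allowed characters only
    "alice\n",               # trailing newline
    'file name;x',           # space and shell metacharacter
    '',                      # empty string ("+" requires at least one char)
);

for my $raw (@samples) {
    my $in  = $raw . $TAINT;             # tainted copy of the sample
    my $out = untaint_word($in);         # only the capture ($1) is clean
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-22s in tainted=%d  ", "'$shown'", tainted($in) ? 1 : 0;
    if (defined $out) {
        printf "accepted, out tainted=%d\n", tainted($out) ? 1 : 0;
    } else {
        print "rejected\n";              # log this somewhere
    }
}
```

Only the value taken from `$1` is untainted; the variable that was matched stays tainted until the capture is assigned back to it, as the original test does with `$data = $1`.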