$q->param('command') =~ /^(search|\s*)$/; # untaint 'command'
my $command = $1; # $command is now untainted.