$r = $cgi->param('r');  # If he provides <<".system("rm -rf /").">>,
$r = "You said $r";     #    the user deletes the server's hard drive.