#!/usr/bin/perl -wT
use strict;
use CGI;
my $q = new CGI;

my $var = $q->param('var') || '';
untaint(\$var);

# warning do not do this
my @ary = $q->param('options') || ();
# this kills the array return of CGI.pm

##</code><code>##

my @fields = qw(foo bar baz);
for (@fields) {
    $q->param($_,'') unless defined $q->param($_);
}

##</code><code>##

my @fields = qw (foo bar baz);
for (@fields) {
    $USER{$_} = '' unless defined $USER{$_};
}