Could I add that you should check all input into your script, including user input and input that has come from a database, os file etc. Just because you have a trusted or secure database doesnt mean a rougue employee cant insert naughty stuff into it, (nor a hacker hack it for that matter).

In actual fact -T enforces what i just said anyways.. :-)