OK, here's what I've come up with:

1. Check for a string like "### CALENDAR.PL DATE FILE May13" in the beginning of each date file where May13 would be replaced with whatever the month+date are
2. Check to see that param('month') contains nothing but word characters, param('date') two digits and param('time') one or two digits.

Do you think that this is sufficient, or should the path to the date_file also be validated in some way..? //mjh