You should read more about "taint" and "use strict;" and "use CGI;". They will really help you a lot.

These thingies will check things for you so you don't go home after work thinking "is my script secure?".