what about 8bit set chars? are they safe? possible sql code? quotes? cgi meta chars like '%', '&', '=' and '?'? It's hard to exhaust this list of possiblities.

Instead of filtering out what may be bad, we filtering in what is okay.

tr/a-zA-Z0-9.,_-//cd; # If, for example, alphaneumericals and
                       # '.', ',', '_', and '-' are legal inputs.
                       # Anything else is zapped.
                       # this is done by complementing the list
                       # /c tells the engine to translate anything
                       # *not* in the list.
[download]

-nuffin
zz zZ Z Z #!perl