in reply to cgi security regex in subroutine
I recommend that you read Lesson 3 in my CGI course. It gives a brief description of taint checking, security issues and it has many links you can follow.
As a general rule specify what you will allow, not what you won't allow. All it takes is for you to miss one thing that you shouldn't have missed and your life could be miserable. Without knowing what you're going to do with your list, I can't be too specific for you, but you might want to check out the Untaint module. For now, though, you can look at this to see the general strategy:
    use Carp;

    # Return the part of $string captured by $regex; with taint mode on,
    # the capture of a successful match is what Perl considers untainted.
    sub untaint {
        my ($string, $regex) = @_;
        croak "Bad regex '$regex'" unless ref $regex eq 'Regexp';
        my ($untainted) = $string =~ /($regex)/;
        return $untainted;
    }

    print untaint( 33, qr/^\d+$/ );
Cheers,
Ovid
New address of my CGI Course.
Silence is Evil (feel free to copy and distribute widely - note copyright text)
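The allowlist strategy from the post above, carried through as a runnable taint-mode script. This is an added example, not Ovid's code or anything from the CGI course: the two form fields, their patterns, the sample inputs and the `untaint()` wrapper are all constructed here to illustrate the point. It anchors the patterns with `\A` and `\z` rather than `^` and `$`, because a bare `$` also matches before a trailing newline and would let "33\n" through.

```perl
#!/usr/bin/perl -T
# Added example, not code from the original post: an allowlisting untaint()
# exercised under taint mode (-T) against a few constructed inputs.
use strict;
use warnings;
use Carp qw(croak);
use Scalar::Util qw(tainted);

# Under -T, anything from outside the program (%ENV, @ARGV, STDIN, CGI
# parameters) is tainted and cannot reach open(), system(), backticks, etc.
# A tainted CGI script normally pins %ENV before doing anything else.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/usr/bin:/bin';

# Return the part of $string captured by $regex, or die if it does not match.
# Perl treats the capture of a successful match as untainted, so the regex is
# the one place where "what we allow" is spelled out.
sub untaint {
    my ($string, $regex) = @_;
    croak "Bad regex '$regex'" unless ref $regex eq 'Regexp';
    my ($untainted) = $string =~ /($regex)/;
    croak "rejected '$string'" unless defined $untainted;
    return $untainted;
}

# Allowlist patterns for two hypothetical form fields.  \A and \z anchor at
# the true ends of the string; a bare $ would also match before a trailing
# newline and let "33\n" through.
my %allow = (
    id       => qr/\A\d{1,10}\z/,
    filename => qr/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/,   # no "/", no leading "."
);

# Constructed inputs.  Appending an empty substring of tainted data taints
# the literal, the same way a real CGI parameter would arrive tainted.
my $taint = substr(join('', @ARGV, values %ENV), 0, 0);
my @cases = (
    [ id       => '33' ],
    [ id       => "33\n" ],             # trailing newline
    [ id       => '33; rm -rf /' ],     # shell metacharacters
    [ filename => 'report_2024.txt' ],
    [ filename => '../../etc/passwd' ], # directory traversal
    [ filename => '.htaccess' ],        # leading dot
);

for my $case (@cases) {
    my ($field, $raw) = @$case;
    my $value = $raw . $taint;
    (my $shown = $raw) =~ s/\n/\\n/g;
    my $clean = eval { untaint($value, $allow{$field}) };
    if (defined $clean) {
        printf "%-8s %-22s accepted (tainted in: %d, out: %d)\n",
            $field, "'$shown'", tainted($value) ? 1 : 0, tainted($clean) ? 1 : 0;
    } else {
        printf "%-8s %-22s REJECTED\n", $field, "'$shown'";
    }
}
```

Run it as `perl -T untaint_demo.pl`; the `-T` on the shebang line is only honoured when the kernel starts the script directly, and invoking it as `perl untaint_demo.pl` dies with "Too late for -T". The accepted rows report the input as tainted and the captured value as clean, which is the whole reason the sub returns the capture rather than the original string; every rejected row is one that a denylist would have had to anticipate individually.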