in reply to Re: Re: the search string and me
in thread the search string and me

Thank you for your comments.

If a variable were overwritten by a crazy, deranged or plain curious person, could that have a more serious effect than stopping the code from working?

If I never try to execute a scalar variable as a command, the worst it can do is perhaps display incorrect values... yes?

Or could some clever trick be performed at my initial eval statement?

As for the *amp* stuff... that was for resolving a particular issue I had at one stage and has remained as it has not caused a problem since :-)

___ /\__\ "What is the world coming to?" \/__/ www.wolispace.com

Re: Re: Re: Re: the search string and me
by Corion (Patriarch) on Sep 15, 2003 at 06:46 UTC

    I think you take the wrong approach to interaction on the internet: Your users should never be regarded as crazy, deranged or plain curious, but as malicious. And yes, I do think that overwriting a global value can have severe effects. But you use eval to set that string. So if I were to craft a query parameter named [system q(rm -rf /)], that code would be executed by your eval statement.

    You could do some dereferencing via a hash to fill the variable with the parameter to get around the eval statement, but let's face it - CGI.pm and its cousins already do that and in a tried and tested way.

    perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ; # The
    $d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider
    ($c = $d->accept())->get_request(); $c->send_response( new #in the
    HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' # web
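To make the point above concrete, here is an added example (not code from the original poster or from Corion) that puts the eval-per-parameter pattern beside the hash-based alternative. The query string is constructed and shown already URL-decoded; the injected parameter name sets a marker variable instead of running rm -rf / so the script is safe to execute. The parser and the two loaders are assumptions about what the poster's script does, since the thread only describes the eval in prose.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed query string (already URL-decoded). The first parameter is
# ordinary; the second parameter's *name* is the payload. It sets a
# marker instead of running a destructive command.
my $query = 'username=bob&x++;$main::INJECTED=q(attacker code ran);$y=1';

# Split "a=b&c=d" into [name, value] pairs, splitting on the first '=' only.
sub parse_pairs {
    my ($q) = @_;
    return map { [ split /=/, $_, 2 ] } split /&/, $q;
}

# The pattern under discussion: build the text "$name = 'value';" and
# eval it so every parameter becomes a global scalar. Whoever controls
# the parameter name controls the Perl that gets compiled.
sub vulnerable_load {
    no strict 'vars';    # the original relied on unqualified globals
    for my $pair (parse_pairs(@_)) {
        my ($name, $value) = @$pair;
        eval "\$$name = '$value';";    # $name is attacker-supplied text
        warn "eval failed: $@" if $@;
    }
}

# The fix from the thread: keep the input in a hash and never eval it.
# An odd-looking name is just an odd-looking key.
sub safe_load {
    my %params;
    for my $pair (parse_pairs(@_)) {
        my ($name, $value) = @$pair;
        $params{$name} = $value;
    }
    return \%params;
}

vulnerable_load($query);
print "after eval: INJECTED = ", ($main::INJECTED // 'unset'), "\n";

undef $main::INJECTED;
my $p = safe_load($query);
print "after hash: INJECTED = ", ($main::INJECTED // 'unset'), "\n";
print "username    = $p->{username}\n";
print "other keys  = ",
    join(', ', map { "'$_'" } grep { $_ ne 'username' } keys %$p), "\n";
```

With the eval version the string that actually gets compiled is `$x++;$main::INJECTED=q(attacker code ran);$y = '1';`, so the marker is set; with the hash version the same request only produces a key that nobody asked for. The value side is no safer than the name side: a value containing a single quote breaks out of the quoting in exactly the same way. Corion's recommendation of CGI.pm applies here because it does the hash-based parsing (and the URL decoding this example skips) for you.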
      Ah... <penny drops> now I'm beginning to understand.

      Being a windows user I am slowly understanding all of this stuff and the relationship with special variables and the underlying system.

      I only added the eval bit as I got tired of having to manually convert $username = $params{'username'}; each time I wanted to display the username variable (again my own code which replaces tagged fields with variables and I was unable to get it to handle hash or list values but it was happy with scalars).

      So 'taint' sounds interesting.. must do some reading about that :-)

      ___ /\__\ "What is the world coming to?" \/__/ www.wolispace.com
        I only added the eval bit as I got tired of having to manually convert $username = $params{'username'}; each time I wanted to display the username variable (again my own code which replaces tagged fields with variables and I was unable to get it to handle hash or list values but it was happy with scalars).
        Huh? That's odd. This is Perl, not PHP, and you can use hash items in a string just like any other scalar. Just use the correct type of quotes, or no quotes for a bareword (= just like the name of a plain variable), or escape them with a backslash. Like this:
        $params{'name'} = "Slim Shady";
        print "My name is $params{'name'}\n";
        print "My name is $params{name}\n";
        print "My name is $params{\"name\"}\n";
        All three work equally well.
Re: the search string and me
by jonadab (Parson) on Sep 15, 2003 at 15:51 UTC
    If a variable were overwritten by a crazy, deranged or plain curious person, could that have more serious effect than stop the code from working?

    Potentially, if crafted in malice, depending on what your code does with global variables. (Bear in mind also that the special variables are vulnerable under your implementation.) You could think through each and every global variable and each special variable to determine whether anything your script does could have bad effects if one of these variables holds a malicious value, or you could store the input in a hash and save yourself that effort. Running under taint mode would also help to curb this threat or at least make it much harder for anyone to exploit.


    $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,".rekcah lreP rehtona tsuJ";$\=$;->();print$/
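jonadab's two suggestions, a hash for the input and taint mode, go together. The following is an added example (not from the thread) showing what -T actually does: data that came from outside the program is marked tainted, passing it to system() dies whether or not it is harmful, and only a regex capture against an explicit whitelist produces a clean copy. The query string is constructed; it is concatenated with a zero-length slice of the original PATH, the perlsec idiom for giving a literal the same tainted status a real QUERY_STRING would have. The parsing and the username pattern are this example's own choices.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Run as:  perl -T taint_demo.pl
# (a -T only in the shebang is rejected with "Too late for -T option"
# when the script is started as "perl taint_demo.pl").

# Grab an empty but tainted string from the real environment before we
# replace PATH, then sanitise the environment as perlsec requires
# before any system() call is allowed under -T.
my $taint = substr($ENV{PATH} // '', 0, 0);
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed input: a harmless value and one carrying a shell
# metacharacter. Both end up tainted because of the concatenation.
my $query = $ENV{QUERY_STRING} // ('user=bob&cmd=bob;ls' . $taint);

# The hash approach from the thread: parse into %params, never eval.
my %params = map { my ($k, $v) = split /=/, $_, 2; ($k, $v) } split /&/, $query;

# Whitelist validation. Only a regex capture removes the taint, so the
# pattern has to describe exactly what an acceptable value looks like.
sub untaint_username {
    my ($raw) = @_;
    my ($clean) = $raw =~ /\A([A-Za-z0-9_]{1,32})\z/
        or return undef;
    return $clean;
}

for my $name (qw(user cmd)) {
    my $raw = $params{$name};
    printf "%-4s raw='%s' tainted=%d\n", $name, $raw, tainted($raw) ? 1 : 0;

    # Handing the raw value to the shell dies regardless of content:
    # taint mode tracks provenance, not harmfulness.
    eval { system('echo', 'raw:', $raw) };
    chomp(my $err = $@ // '');
    print "     system(raw)  : ", ($err ? "refused: $err" : "ran"), "\n";

    my $clean = untaint_username($raw);
    if (defined $clean) {
        printf "     validated     : '%s' tainted=%d\n", $clean, tainted($clean) ? 1 : 0;
        system('echo', '     system(clean):', $clean);    # allowed now
    } else {
        print "     validated     : rejected, not a plain username\n";
    }
}
```

The expected shape of the output is that both raw values report tainted=1 and both system(raw) calls are refused with "Insecure dependency in system while running with -T switch"; 'bob' passes validation, comes back with tainted=0 and is echoed, while 'bob;ls' is rejected by the pattern. If PATH happens to be unset in the environment, the fallback seed is a clean empty string and the constructed query will not be tainted; a real CGI request, read from %ENV, always is.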