I've been very successful using Data::FormValidator along with CGI::Application::ValidateRM and HTML::Template. With these it becomes a breeze to write custom validations and untainting routines , return specific, customized, and context specific error messages.

What's more, the HTML template system allows the designer to position and style the error message. Also, the custom error messages can be kept in seperate file for easy editing (I use Config::General for loading and reading the file). My error config file looks like this:

<msgs>
   any_errors      = err__
   prefix          = err_
   <constraints>
       OK_dn_unique  = Domain name already used within Citigroup
       OK_dn         = Badly formed domain name
       OK_words      = Illegal character in string
       OK_chars      = Illegal character or space in string
       OK_sql        = Illegal SQL character in string
       OK_phone_chars = Illegal phone character(s) or format
       OK_int        = Illegal integer
       OK_date       = Illegal date character(s) or format
       OK_email      = Illegal email format
   </constraints>
</msgs>
[download]

The key of the constraints hash in the function name of the constraint. Details are explained clearly in the validateRM docs. Here's an example validate/untaint function I wrote (note how simple it is):

sub match_OK_phone_chars {
    my $val = shift;
    if ( $val =~ /^([-\d. \(\)]{10,}[extEX .-\d]*)$/    ) {
        return $1;
    }
    else { return undef; }
}
[download]

I highly recommend using these modules.

-------------------------------------
Nothing is too wonderful to be true
-- Michael Faraday