This produces a txt file with html formatting to be included via SSI

What I would like to do is:
• Keep the script as simple as possible
• Improve security
• Keep the txt file this produces as small as possible
• Avoid whitespace as a username
• Gather Ideas that have not occurred to me as yet

I do know that using -T will do some security checking, but is there anything else I should add?
I have been given suggestions in the CB, but it's sometimes difficult for me to follow all of them, change and test code and get back to the CB to catch the rest of the comments.

The CGI script:

#!/usr/bin/perl -Tw
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser';
use Fcntl ':flock';
use POSIX qw(strftime);

my $now = strftime "%b %e", localtime;
my $q = new CGI;
my $user = length $q->param('user') ? $q->param('user') : "Anonymous";
$user = $q->escapeHTML($user);
my $message = $q->param('comment');

if ($message){ # Avoid posting blank messages
  open FH, "+</var/www/html/comment.txt" or die "Oops: $!";
  flock (FH,LOCK_EX) or die "Couldn't flock: $!";
  my  @comments = <FH>;
  seek (FH ,0,0);
  truncate (FH,0) or die "No can do: $!";
  print FH "<br><b>On $now, $user added this bit o' wisdom:</b><br>$me
+ssage<br><hr>\n";
  print FH @comments;
  close FH;
}

print $q->redirect('http://server.com/index.shtml');
[download]

This produces a comment like

On Nov 17, Zecho added this bit o' wisdom: Here's my comment, yes it's a little boring, but it's a comment.

Oh, and on a side note <coed> tags do not work. :)

---

---

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

• How do I compose an effective node title?
• How do I post a question effectively?
• Markup in the Monastery

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		&
	<		&lt;
	>		&gt;
	[		&#91;
	]		&#93;

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.