You might want to take a look at CGI::Untaint, which will help you make sure you're not overlooking checking the validity of any of the input parameters by using Perl's tainting mechanism.

CGI::Untaint was nicely introduced in Perl Advent Calendar 2003.

-- saintmike