in reply to How to reference variables in another package via keyword names
While using a package for an additional name-space is a good use of packages, I disagree with the practice of ever using symbolic references to create variable names from input that came from the outside world (i.e., CGI).
You're doing two of the most dangerous possible things in one fell swoop: using symbolic refs, and taking user input. The latter cannot be avoided, but striking matches in the vicinity of gasoline really is not the safest way to illuminate the inside of the gas can.
You will save yourself a lot of headaches by taking a few minutes to read the following three eye-opening links:
And for a quick reminder of just how bad things can get if you botch web-security: Company hacks through my Perl's Website Security hole.
One of the best ways to handle CGI parameters is to use the CGI.pm module's param() method, and store your parameters in a hash.
Dave
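The two approaches Dave contrasts, side by side, as an added illustration that is not part of the original reply. The query string, the `Form` package and its `$DEBUG` setting are constructed for the example; `CGI->new` is given a literal query string so the script runs without a web server (CGI.pm accepts that form, and `multi_param` assumes CGI 4.08 or later).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request, standing in for a real one: the client picks the
# parameter names, and one of them happens to match a script setting.
my $cgi = CGI->new('name=alice&DEBUG=1');

package Form;
our $DEBUG = 0;   # a setting the script itself controls, or so it thinks
package main;

# The pattern the reply argues against: a symbolic reference turns the
# parameter *name* into a package variable name, so the request chooses
# which variable gets written. 'use strict' forbids this, which is why
# such code has to switch it off.
sub unsafe_symbolic_refs {
    my ($q) = @_;
    no strict 'refs';
    for my $key ($q->param) {
        ${"Form::$key"} = scalar $q->param($key);   # name chosen by the client
    }
}

# The approach the reply recommends: parameters go into a hash, so a
# request can only add keys to %form, never reach package variables.
sub safe_hash {
    my ($q) = @_;
    my %form;
    for my $key ($q->param) {
        my @values = $q->multi_param($key);
        $form{$key} = @values > 1 ? \@values : $values[0];
    }
    return \%form;
}

my $form = safe_hash($cgi);
print "hash approach: DEBUG setting still $Form::DEBUG, ",
      "form data DEBUG=$form->{DEBUG}\n";

unsafe_symbolic_refs($cgi);
print "symbolic refs: DEBUG setting is now $Form::DEBUG ",
      "(overwritten by the request)\n";
```

Run it and the first line shows `$Form::DEBUG` untouched with the hash approach, while the second shows the request flipping the script's own setting through the symbolic reference; any other package variable reachable by name is exposed the same way, which is the point of keeping CGI data in a hash.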