See also a recent thread in Meditations: Security techniques every programmer should know.
It's important to match all user input a gainst some form of a whitelist.