My refrain (you didn't mention this!): turn on taint mode (add -T to your #!perl line, if it's 'traditional' CGI), and your script will die if you attempt to use untainted data in an unsafe manner. This will help enormously in figuring out what you need to do.

Philosophy can be made out of anything. Or less -- Jerry A. Fodor