You can't stop people (or scripts) from submitting forms to a CGI script and you can't stop them from putting whatever they want in those forms. You *can* (and should) check all input from forms and validate it against what you expect it to be and only accept forms with valid input.