I know this isn't very Perl-ish, but I rely heavily on client side forms validation, not so much to prevent abuses (what self respecting hacker doesn't know how to get around JavaScript?) but to prevent honest mistakes as early as possible.

So something like

<SCRIPT>
var Ok2submit=true
</SCRIPT>
<FORM method=post action="foo.pl" onsubmit="return Ok2submit">
<TEXTAREA name="foo" 
onchange="if(this.length>512){Ok2submit=false;alert('you are too verbo
+se, my child!')}"></TEXTAREA>
</FORM>
[download]

Of course, I also check for these things much in the way you mention on the server side -> trust in God, but lock your car doors.