Thanks tadman, that's a nice WTDI. I do validate every CGI param coming from the user before I stick it into the database. That way I can warn them and give them another shot at getting it right.

if ($prm{'name'} =~ s/[^\w \-]//g) {
    $warning .= '<LI>Illegal characters were removed from your Login N
+ame. Only letters, numbers, spaces, underscores and dashes are allowe
+d.';
    }
[download]

Your way is more elegant though. Gives me something to think about.
--
man with no legs, inc.