Just a quick comment- when you're writing CGI programs, it's a really good idea to use the -T command-line switch to enable taint checking:

#!/usr/bin/perl -Tw
[download]

Searching for "taint" here on Perl Monks will yield some good information. In terms of a regex to do some checking for you, The Camel ("Programming Perl", third edition) offers many suggestions in Chapter 23 ("Security"). Here's an example from the book that checks that $string contains only "word" characters:

if ($string =~ /^([-\@\w.]+)$/) {
  $string = $1;
}
else {
  die "Bad data in $string";
}
[download]

- robsv