ok. thanks everybody.
it looks like this is going to be a lot more effort than I thought it would be. pity and surprising. there should be a complete set of everything that can 'escape' into the sandbox---backquotes, system(), fopen(), etc.---or, better yet, a complete set of features known not to escape. all I wanted is a clear subset with string manipulation, numerical functions, STDOUT, and basic variables, and a set of functions I would enumerate as 'safe'. if that had existed, I could have sanitized the first user input, and then passed it to 'eval'. it may still be simpler to do this than to write my own little language.
next, I will check out SafeEval, as described in http://www.daniweb.com/software-development/perl/code/216821