# Sanitize form input using CGI.pm.
# Intended to reduce XSS & SQL injection risk. Input filtering alone is not a
# complete defence against either: SQL needs DBI placeholders, XSS needs
# HTML-escaping at output time.

# New CGI object
my $query=new CGI;

# Get all param keys
my @params=$query->param;

# Traverse the keys
foreach my $p (@params){
   # Remove HTML tags and all slashes before '
   my $v=clean(detag($query->param($p)));
   $query->param(-name=>$p, -value=>$v);
}

sub clean{       
   my $str=shift;   
   $str=~s|'|\'|g; 
   return $str;
}

sub detag{                 
   my $str=shift;
   $str=~s|<[^>]+>||g;
   return $str;       
}