
No mention of taint mode: you had to untaint all data coming from the user, by comparing to a fixed string, converting to a number, or at least filtering through a regexp. If this were more broadly adopted, it would save everyone so many headaches.
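The three untainting routes the comment lists, written out as an added Perl example (not code from the commenter). The action allowlist, the port range and the filename pattern are assumptions chosen for illustration; run it with `perl -T` so that command-line arguments arrive tainted.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical allowlist of fixed strings this program accepts.
my @ACTIONS = qw(start stop status);

# 1. Compare to fixed strings: return the program's own literal,
#    never the caller's copy, so the result carries no taint.
sub untaint_action {
    my ($raw) = @_;
    return unless defined $raw;
    for my $ok (@ACTIONS) {
        return $ok if $raw eq $ok;
    }
    return;
}

# 2. Number: accept only 1-5 ASCII digits, then range-check.
#    The regexp capture ($1) is what Perl treats as clean.
sub untaint_port {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([0-9]{1,5})\z/;
    my $n = $1 + 0;
    return $n if $n >= 1 && $n <= 65535;
    return;
}

# 3. Regexp filter: anchored allowlist pattern, no path separators, no
#    leading dot or dash. A catch-all like /(.*)/ would launder anything.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw
        && $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $1;
}

# Constructed sample input, used when no arguments are given. Only real
# @ARGV values are tainted under -T; these literals are not.
my @in = @ARGV ? @ARGV : ('start', '8080', '../notes.txt');
my @checks = ([action   => \&untaint_action],
              [port     => \&untaint_port],
              [filename => \&untaint_filename]);
for my $i (0 .. $#checks) {
    my ($name, $fn) = @{ $checks[$i] };
    my $clean = $fn->($in[$i]);
    my $out = defined $clean ? "accepted '$clean', tainted=" . (tainted($clean) ? 1 : 0) : 'rejected';
    printf "%-8s input tainted=%d -> %s\n", $name, tainted($in[$i]) ? 1 : 0, $out;
}
```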



