in reply to
Never, never, never
A couple more for you (with merlyn's clarification), based on what I've learned over the years:
- Never use programs from Matt's Script Archive? (technically, this goes into the whole 'never run something without understanding what it's doing' category)
- Never assume that a file/socket/db handle/whatever opened successfully
- Never write your own CGI parsing routines without a really good reason to avoid CGI or CGI::Lite
- Never use the single argument form of exec or system
- Never test for taint by looking for known bad characters. (instead, look if there are any characters that aren't known to be good).
- Never pass input to exec or system without first checking for taint.
- Never assume that e-mail happens immediately, or reliably.
- Never trust a Sicilian when death is on the line
- Never waste time optimizing your code before you know where the real bottlenecks are. (see Optimization: Your Worst Enemy and Premature Opmization)
- Never assume that what you're writing is going to be short lived (unless you delete it immediately after writing it).
- Never forget the importance of descriptive, unambiguous variable, function, and package names, or the importance of comments and documentation
I'll probably have more to add later....