Bloody excellent, anon.

I never would have figured to do that clever trick. I tested it and it worked like a charm.

However I changed a few things from your suggested code to get exactly what I needed. I'm including them here in case others might want to use this ingenious tactic.

I reverted to my original regexp constraint for the userid_untaint constraint because I wanted users to know that they had entered invalid characters and didn't want the password silently changed, because then they wouldn't be able to log back in using their original password.

As well, I changed $q->param( userid_untaint => 'dummy junk' ); to $q->param( userid_untaint => $q->param('userid')); and took out the dependancy. Then I added both userid and userid_untaint to the required list. This way, the userid_untaint (I must change the name to something like userid2 or some such) becomes like an additional variable to be tested.

I'll ++ you tomorrow when I have some votes. Its a shame you are anon, because your excellent idea should be recognized.

Why can't you untaint and check your database at the same time?

I wanted a clear separation between each test to make it easier to send messages to the user and to make my code more maintainable. I included only a snippet of code in my OP, however, there are many more tests, including passord confirmation, email validation, etc. I am trying to take full advantage of the power of the D::FV module.

Many thanks,

Anne