in reply to What's your favourite method of untainting?

I thought the whole point of running in taint mode in the first place was to remind yourself to sanity-check all the user input and ensure it doesn't have any bizarroid stuff in it that you didn't expect, and that the recommended best practice was to combine untainting with validating, as in
($num) = $num =~ /(\d+)/; ($str) = $str =~ /([A-Za-z0-9_-]+)/;
i.e., everything not specifically allowed is verboten.