S0ld13r Fr0m H311
New member
I am creating a web page for a small job; they want a one-page web site. I chose PERL because they were running IIS and had PERL installed. I have the function set up to show the pages, but to prevent hackers from getting into the site and looking at confidential files, I want to know how to filter out bad characters. I know you have to use the split() command to cut the $ENV{QUERY_STRING} and manually search for all the characters with a for loop and an array with all the unwanted characters in it, like <!--#exec cmd="del /"--> or http://ad.goddie.org/, which make the security compromised. What I need to know is how to stop special characters and let the plain text characters through. I tried to do that, but it did not work with my IIS server, and the error was:
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are "Final $ should be \$ or $name at C:\IIS\internet.pl line 6, within string syntax error at C:\IIS\internet.pl line 6, near ","$"" Execution of C:\IIS\internet.pl aborted due to compilation errors. ".
and the source code was
#!/usr/bin/perl
use strict;
use warnings;

print "Content-type: text/html\n\n";

# split() takes a regex, not a string: /&/ splits the query into name=value pairs
my @q = split(/&/, $ENV{QUERY_STRING} // '');

# An empty pattern splits the query string into single characters
my @qq = split(//, $ENV{QUERY_STRING} // '');

# Single quotes so that $ and \ need no escaping ('\\' is one backslash);
# "$" and "\" inside double quotes are what caused the compile error
my @unallow = ('!', '@', '#', '$', '%', '^', '*', '(', ')', '<', '>', '|', '\\', ':');

my $s  = scalar @q;
my $s2 = scalar @unallow;
my $s3 = scalar @qq;

for (my $y = 0; $y < $s3; $y++) {          # < not <=, and $y++ not $y=+1
    for (my $z = 0; $z < $s2; $z++) {      # $z must restart at 0 for every character
        if ($qq[$y] eq $unallow[$z]) {     # eq compares strings; == compares numbers
            $qq[$y] = '';                  # blank the character; delete() on an array element is deprecated
        }
    }
}

my $clean = join('', @qq);                 # the query string with the unwanted characters removed
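The blocklist above only drops the characters you thought of; the usual way to "let the plain text characters through" is the other way round, an allowlist that keeps only the characters you want and discards everything else. The following is an added example, not the poster's script: it URL-decodes the query string, parses it into name=value pairs, strips every character outside a small plain-text class, maps the page parameter onto a fixed set of files instead of using it as a path, and HTML-escapes anything echoed back. The parameter names (page, name), the page table and the sample query string are assumptions made up for the example; it needs Perl 5.10 or newer for the // operator.

```perl
#!/usr/bin/perl
# Added example (not the poster's code): allowlist filtering of CGI query
# parameters. Parameter names, the page table and the sample query are assumed.
use strict;
use warnings;

# Decode one URL-encoded component: '+' becomes space, %XX becomes the byte.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Parse QUERY_STRING into a hash of name => value (the last value wins).
sub parse_query {
    my ($qs) = @_;
    my %params;
    for my $pair (split /[&;]/, $qs) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $params{ url_decode($name) } = url_decode($value // '');
    }
    return \%params;
}

# Keep only plain text: letters, digits, space and a few punctuation marks.
# Everything else (< > " ' & | $ / \ and control characters included) is deleted,
# and the result is capped in length.
sub sanitize_plain_text {
    my ($s) = @_;
    $s =~ tr/A-Za-z0-9 .,_\-//cd;   # c = complement the class, d = delete what matches
    return substr($s, 0, 200);
}

# Values that are echoed into the HTML are escaped rather than trusted.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Use the real query string under CGI; fall back to a constructed sample
# (the SSI directive from the question, URL-encoded) when run from a shell.
my $qs = $ENV{QUERY_STRING};
$qs = 'page=about&name=Bob%3C!--%23exec+cmd%3D%22del+%2F%22--%3E' unless defined $qs;

my $params = parse_query($qs);

# Only the parameters the page expects are looked at; anything else is ignored.
my $page = sanitize_plain_text($params->{page} // 'home');
my $name = sanitize_plain_text($params->{name} // '');

# The page parameter selects an entry in a fixed table; it is never used as a
# file path, so there is nothing to traverse with ../ or a drive letter.
my %pages = (home => 'home.html', about => 'about.html', contact => 'contact.html');
my $file  = $pages{$page} // $pages{home};

print "Content-type: text/html\n\n";
print "<p>Showing ", html_escape($file), " for ", html_escape($name), "</p>\n";
```

Run from a command prompt with no QUERY_STRING set, the constructed sample's name value comes out as plain letters, spaces and hyphens with the angle brackets, quotes and slashes gone, and the page value resolves to about.html through the table. The tr///cd allowlist is the important line: whatever new special character or encoding trick you did not anticipate, it is deleted because it is not in the class, which is the property a blocklist cannot give you.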