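# Insert one roster row from the CGI parameters 'member' and 'group'.
# Both values arrive from the request and are untrusted until validated.
my $_member = param( 'member' );
my $_group  = param( 'group' );

# untaint
# (this was wrong at first. Thanks to tye for catching my stupid error) :(
#
# Accept ASCII digits only, anchored to the whole string (\A ... \z, so a
# trailing newline is not tolerated). A failed match leaves the variable
# undef, which the placeholder would bind as NULL, so stop here instead of
# handing an unvalidated or empty id to the database.
my ( $member ) = defined $_member ? $_member =~ /\A([0-9]+)\z/ : ();
my ( $group )  = defined $_group  ? $_group  =~ /\A([0-9]+)\z/ : ();
die "Invalid or missing 'member' parameter\n" unless defined $member;
die "Invalid or missing 'group' parameter\n"  unless defined $group;

# Placeholders keep the values out of the SQL text; $org is bound the same
# way (it is set outside this snippet).
# NOTE(review): `group` is a reserved word in SQL; depending on the database
# this column name may need quoting -- confirm against the schema.
my $sql = 'INSERT INTO wbwc_roster(member, group, org) VALUES (?, ?, ?)';
my $sth = $dbh->prepare( $sql ) or die $dbh->errstr;
$sth->execute( $member, $group, $org ) or die $dbh->errstr;

####
# Second listing from the same page, kept as a comment so the file stays
# valid Perl:
#
# group_id | group_name
# ---------------------
#        1 | admin
#        2 | programmer
#        3 | quality control
#        4 | manager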