#### added call to $dbh->quote

my $col_spec = join ',', sort keys %data ;
my $val_spec = join ',',
               map  { $dbh->quote( $data{$_} ) }   ### here
               sort keys %data;
my $sql      = "insert into my_table ($col_spec) values ($val_spec)";

#### or with placeholders:

my $col_spec = join ',', sort keys %data;
my $val_spec = join ',', ('?') x keys %data;
my $sql      = "insert into my_table ($col_spec) values ($val_spec)";

$dbh->prepare($sql)
    ->execute( map { $data{$_} } sort keys %data );