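# Insert a testimonial. Every value is bound through a placeholder, so the
# database driver does the quoting instead of the SQL string.
# NOTE(review): $stmt is never assigned in this listing; unless the surrounding
# script sets it, these error messages will show an empty statement.
# NOTE(review): VALUES without a column list depends on the table's column
# order -- presumably (id, name, email, quote, approved); confirm against the
# schema.
$sth = $dbh->prepare("INSERT INTO testimonial VALUES(?,?,?,?,?)")
    or die "prepare: $stmt: $DBI::errstr";
$sth->execute('', $name, $email, $testimonial, '')
    or die "execute: $stmt: $DBI::errstr";
####
# Build an INSERT from a column => value map.
# The column names are spliced into the SQL text, so they must stay the fixed
# literals written here and never be taken from the request. Only the values
# are bound.
my %sql_data = (
    id          => "",
    # scalar() matters: in list context a missing or repeated request
    # parameter changes how many elements param() returns, which would shift
    # the key/value pairs of this hash (and with them the column list).
    aptname     => scalar( $query->param('aptname') ),
    aptnumber   => scalar( $query->param('aptnumber') ),
    available   => scalar( $query->param('available') ),
    onwaiting   => scalar( $query->param('waitinglist') ),
    appliedfor  => scalar( $query->param('occupied') ),
    applicant   => scalar( $query->param('occupantname') ),
    description => scalar( $query->param('aptdescription') ),
);
# Fix the column order once so the statement text is the same on every run and
# the bound values are taken in exactly that order.
my @columns = sort keys %sql_data;
my $sql = 'INSERT INTO apartments ('
    . join(',', @columns)
    . ') VALUES ('
    . join(',', ('?') x @columns)
    . ')';
# Report the statement that was actually prepared ($sql), not $stmt.
$sth = $dbh->prepare($sql) or die "prepare: $sql: $DBI::errstr";
$sth->execute(@sql_data{@columns}) or die "execute: $sql: $DBI::errstr";
####
# Update a testimonial. The row id is bound like every other value; building
# it into the statement text would leave one input outside the driver's
# quoting.
$sth = $dbh->prepare("UPDATE testimonial SET name = ?, email = ?, quote = ?, approved = ? WHERE id = ?")
    or die "prepare: $stmt: $DBI::errstr";
$sth->execute($name, $email, $testimonial, $approved, $id)
    or die "execute: $stmt: $DBI::errstr";
####
# Validate form input before it is used; collect one message per bad field.
use Validate;
my @errors;
# scalar() keeps a repeated 'name' parameter from passing extra arguments.
my $name = Validate->alphanum( scalar $query->param('name') );
# Test definedness and length rather than truth, so a value of "0" is not
# reported as empty.
push @errors, "Empty or invalid characters in Name\n"
    unless defined $name && length $name;
if (@errors) {
    # ...do something...
}
####
package Validate;

# alphanum($class, $value)
# Returns a copy of $value when it consists only of ASCII letters, digits,
# spaces and hyphens (the empty string included); returns nothing (undef in
# scalar context) for undef or for any other character.
sub alphanum {
    my ($class, $value) = @_;
    return unless defined $value;
    # \A and \z anchor the whole string; with ^ and $ a value ending in a
    # newline would still be accepted.
    return unless $value =~ /\A([A-Za-z0-9 -]*)\z/;
    # Return the capture, not the raw input.
    return "$1";
}
1;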