use strict;
use CGI;

my ($cgi, $key, %IN); 

$cgi = new CGI;
%IN = $cgi->Vars; #%IN = (param1 => value1, param2 => value2 , etc..);

##</code><code>##

if (defined $IN{location}) {
   $where .= "AND (location = '$IN{location}[0]'";
   for my $i (@{$IN{location}}) { $where .= "$i" };
   $where = "$where)";
}
##</code><code>##


delete $IN{somekey};
delete $IN{somekey1};
delete $IN{somekey2};
delete $IN{somekey3};

$IN{somekey4} = "someval";

foreach $key (keys %IN) {
        $keys[$i] = $key;	
 	    $value = $IN{$key};
	    $value = $dbh->quote($value); #removes quotes from the values
        $values[$i] = $value;	
	    $i++;
}

my $key_string = join(',',@keys);  #joins array elements, and status and adds a comma 
my $value_string = join(',',@values");   #joins array values, and status, and adds a comma

$sql = "$function $tablename ($key_string) values ($value_string)";
$sth = $dbh->prepare($sql);
$sth->execute();