my $cols = ( foo => 'foo', bar => 'bar', baz => 'baz' );
my $tbls = ( parts => 'parts', table2 => 'table2' );

my $inp_col = <USER>;  # get data from untrusted sources
my $inp_tbl = $ENV{TABLE};

if ( exists( $cols{$inp_col} ) and exists( $tbls{$inp_tbl} ) {
   my $sql = "select $cols{$inp_col} from $tbls{$inp_tbl}";
   # now it's safe to run the query...
}