$table =~ tr/A-Za-z0-9_//cd;
  my @fields = keys %columns;
  my @values = values %columns; # or @columns{@fields}
  my $sql = "INSERT INTO $table ("
      .join(", ", @fields)
      .") VALUES ("
      .join(", ", ("?") x @fields)
      .")";
  my $sth = $dbh->prepare($sql) || die $DBI::Errstr;
  $sth->execute(@values) || die $DBI::Errstr;