in reply to MySql in cgi

This line...

$dbh->do('INSERT INTO users (name, day, phone) VALUES($name, $day, $number)');

...makes two mistakes; one related to syntax and semantics, the other related to best practices. First, it's using single quotes but expecting interpolation. You use double quotes when interpolation is intended.

my $bill = 'Text plus $ted'; # no interpolation.
my $bill = "Text plus $ted"; # Interpolation occurs.

Second, and really more importantly, it's not using placeholders / bind-values. Do it like this:

my $sth = $dbh->prepare('INSERT INTO users (name, day, phone) VALUES(?,?,?)');
$sth->execute( $name, $day, $number );

Placeholders and bind-values are described in the documentation for DBI. Their most important function is to prevent SQL injection attacks. They also protect you from unintentional interpolation which may not be malicious, but may be problematic nevertheless.


Dave
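The difference Dave describes, as an added example that is not part of the thread. It is a stand-alone Perl DBI script; it assumes DBD::SQLite is installed and uses an in-memory database so it runs offline (the thread's code targets MySQL, but the DBI calls are the same there). The inputs, including the hostile phone "number", are constructed for the demonstration.

```perl
#!/usr/bin/env perl
# Added example, not code from the thread. Assumes DBD::SQLite (in-memory DB)
# so it runs without a server; the DBI calls are identical against MySQL.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );
$dbh->do('CREATE TABLE users (name TEXT, day TEXT, phone TEXT)');

# Constructed inputs. The phone "number" closes the quoted value and the
# first VALUES row, then opens a second row; the original statement's own
# closing quote and parenthesis finish that second row for it.
my $name   = 'Dave';
my $day    = 'Monday';
my $number = "555-0100'), ('mallory', 'never', '000";

# 1) Interpolation (double quotes). The variables do expand, as the thread
#    says, but $number becomes part of the SQL text, so the statement now
#    inserts two rows instead of one.
$dbh->do("INSERT INTO users (name, day, phone) VALUES('$name', '$day', '$number')");
my ($interpolated_rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM users');
print "interpolated: $interpolated_rows row(s)\n";

$dbh->do('DELETE FROM users');

# 2) Placeholders. The SQL text is fixed at prepare() time; execute() hands
#    the values to the driver separately, so the quotes and parentheses in
#    $number are data, not syntax, and exactly one row is inserted.
my $sth = $dbh->prepare('INSERT INTO users (name, day, phone) VALUES(?, ?, ?)');
$sth->execute( $name, $day, $number );
my ($placeholder_rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM users');
print "placeholders: $placeholder_rows row(s)\n";

# The stored phone is the attacker's whole string, quotes and all.
my ($phone) = $dbh->selectrow_array(
    'SELECT phone FROM users WHERE name = ?', undef, $name );
print "stored phone: $phone\n";

# 3) The single-quoted form from the thread is not shown running: it sends
#    the literal text "$name, $day, $number" to the server, so nothing is
#    interpolated and the statement is not what the author intended.
$dbh->disconnect;
```

The query in (1) is accepted by the server because the injected fragment is valid multi-row INSERT syntax; no error is raised, which is why this class of bug tends to go unnoticed until the data is inspected. Bind values also let the driver cache the prepared statement and reuse it across execute() calls, which is the "unintentional interpolation" benefit mentioned above: a name containing an apostrophe is stored as-is rather than breaking the query.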