I'm surprised nobody else came right out and said this yet: Your code is vulnerable to SQL injection. You should never interpolate Perl variables into SQL because DBI gives you a placeholder system that solves the problem the right way. Write your query with "?" for each value and then plug the values into the execute call.