in reply to [untitled node, ID 193356]
Seems to me you're creating SQL statements directly, but consider this:
UPDATE table SET foo = bar WHERE baz = boo
That probably isn't a valid SQL statement. However, the following might be:
UPDATE table SET foo = 'bar' WHERE baz = 'boo'
Yep. Quotation. To overcome this, you should NOT try to quote these things by yourself. Instead, use placeholders:
my $sth = $dbh->prepare( qq|UPDATE $table SET $field = ? WHERE id = ?| );   # '?' marks a bound value
$sth->execute( $value, $record );                                             # DBI quotes $value and $record for you
Of course, this still wouldn't work if $field or $table contained some bad chars. So I personally REALLY REALLY am against using this type of dynamic SQL generation. Might as well write each one of them out, because you're bound to get fewer mistakes.
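Worked example (added here, not code from the poster or the original thread): the quote-it-yourself UPDATE from above breaking on a value with an apostrophe, the same UPDATE done with DBI placeholders, and the one thing placeholders cannot do, which is protect the table and column names. Identifiers are handled by checking them against a small allowlist (a hypothetical %allowed hash constructed for this example) and quoting them with DBI's quote_identifier. It assumes DBD::SQLite is installed and uses an in-memory database, so it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database; assumes DBD::SQLite is available.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 } );

# Constructed sample data for the example.
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$dbh->do(q{INSERT INTO users (id, name, role) VALUES (1, 'alice', 'user')});
$dbh->do(q{INSERT INTO users (id, name, role) VALUES (2, 'bob', 'user')});

# 1. Quoting by hand: a perfectly ordinary value breaks the statement.
my $name = "O'Brien";
eval { $dbh->do("UPDATE users SET name = '$name' WHERE id = 1") };
print "hand-quoted statement failed: $@" if $@;   # syntax error near "Brien"

# 2. Placeholders bind values; DBI does the quoting, so the apostrophe is fine
#    and a value that tries to close the string is stored literally.
my $sth = $dbh->prepare('UPDATE users SET name = ? WHERE id = ?');
$sth->execute( $name, 1 );
$sth->execute( "bob' OR '1'='1", 2 );

# 3. Placeholders cannot bind identifiers ($table, $field). Hypothetical
#    allowlist of the tables/columns this code is permitted to touch.
my %allowed = ( users => { name => 1, role => 1 } );

sub update_field {
    my ( $dbh, $table, $field, $value, $id ) = @_;
    die "unknown table '$table'\n"            unless $allowed{$table};
    die "unknown column '$field' in $table\n" unless $allowed{$table}{$field};

    # Identifiers come from the allowlist and are quoted as identifiers;
    # the value and the id still go through placeholders.
    my $sql = sprintf 'UPDATE %s SET %s = ? WHERE id = ?',
        $dbh->quote_identifier($table), $dbh->quote_identifier($field);
    my $upd = $dbh->prepare($sql);
    return $upd->execute( $value, $id );   # rows affected ("0E0" for none)
}

update_field( $dbh, 'users', 'role', 'admin', 1 );

# An attacker-controlled column name is rejected before any SQL is built.
eval { update_field( $dbh, 'users', q{role = 'admin' --}, 'x', 2 ) };
print "rejected identifier: $@" if $@;

my $rows = $dbh->selectall_arrayref('SELECT id, name, role FROM users ORDER BY id');
printf "%d %s %s\n", @$_ for @$rows;
# 1 O'Brien admin
# 2 bob' OR '1'='1 user

$dbh->disconnect;
```

The allowlist is the part that matters: quote_identifier only wraps the name in the driver's identifier quotes, so it stops a name from terminating the identifier but does not decide whether the caller should be allowed to name that table or column at all. That decision belongs in the code, which is the same conclusion the post above reaches by recommending that each statement be written out explicitly.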