I've updated my script, how does this look? Did I use the DBI placeholder correctly? Will I be immune from SQL injection attacks?

Thanks for everyone's help, I couldn't have done it without your support.

#!/usr/bin/perl -wT
use strict;
use DBI;
use CGI;
use POSIX 'strftime';

my $q = CGI->new();
my $sth;

my $state         = $q->param('state');
my $city          = $q->param('city');
my $locationname  = $q->param('locationname');
my $referencename = $q->param('referencename');
my $lat_deg       = $q->param('lat_deg');
my $lat_min       = $q->param('lat_min');
my $lat_sec       = $q->param('lat_sec');
my $long_deg      = $q->param('long_deg');
my $long_min      = $q->param('long_min');
my $long_sec      = $q->param('long_sec');
my $xcoord        = $q->param('xcoord');
my $ycoord        = $q->param('ycoord');
my $ttime         = $q->param('ttime');
my $level         = $q->param('level');
my $radar         = $q->param('radar');
my $laser         = $q->param('laser');
my $vascar        = $q->param('vascar');
my $airplane      = $q->param('airplane');
my $photo         = $q->param('photo');
my $roadblock     = $q->param('roadblock');
my $redlight      = $q->param('redlight');
my $unknown       = $q->param('unknown');
my $comments      = $q->param('comments');
my $email         = $q->param('email');
my $name          = $q->param('name');
my $date = strftime("%A, %B %d, %Y at %H:%M:%S", localtime());

##Set Radar Technology##########################################################
# If technology type isn't selected, it needs to be set to false.
if (!$q->param('radar'))     { $radar     = "false" }
if (!$q->param('laser'))     { $laser     = "false" }
if (!$q->param('vascar'))    { $vascar    = "false" }
if (!$q->param('airplane'))  { $airplane  = "false" }
if (!$q->param('photo'))     { $photo     = "false" }
if (!$q->param('roadblock')) { $roadblock = "false" }
if (!$q->param('redlight'))  { $redlight  = "false" }
if (!$q->param('unknown'))   { $unknown   = "false" }
################################################################################

##Start database connections####################################################
my $database  = "database";
my $db_server = "localhost";
my $user      = "user";
my $password  = "password";

##Connect to database, insert statement, & disconnect ##########################
my $dbh = DBI->connect("DBI:mysql:$database:$db_server", $user, $password)
    or die "Couldn't connect to database: " . DBI->errstr;

# Placeholders: the SQL text is fixed, and every submitted value is handed to
# execute() separately, so it is bound as data and never parsed as SQL.
my $statement = "INSERT INTO trap1 (state, city, locationname, referencename,
    lat_deg, lat_min, lat_sec, long_deg, long_min, long_sec, xcoord, ycoord,
    ttime, level, radar, laser, vascar, airplane, photo, roadblock, redlight,
    unknown, comments, email, name, date_added)
    VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";

# prepare() returns undef on failure, so the error lives on $dbh, not $sth;
# the string is concatenated because "->errstr" does not interpolate.
$sth = $dbh->prepare($statement)
    or die "Couldn't prepare the query: " . $dbh->errstr;
my $rv = $sth->execute(
    $state, $city, $locationname, $referencename,
    $lat_deg, $lat_min, $lat_sec, $long_deg, $long_min, $long_sec,
    $xcoord, $ycoord, $ttime, $level,
    $radar, $laser, $vascar, $airplane, $photo, $roadblock, $redlight, $unknown,
    $comments, $email, $name, $date
) or die "Couldn't execute query: " . $sth->errstr;
my $rc = $sth->finish;
$rc = $dbh->disconnect;
################################################################################

# redirect() prints its own HTTP header block; printing a Content-type header
# first would close the headers and send the Location line as body text.
print $q->redirect('http://www.site.com/index.html');

In reply to Re^2: Hacker Proofing My First Script by awohld
in thread Hacker Proofing My First Script by awohld
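An added, stand-alone example (not part of awohld's script or the thread) showing what the placeholders in the script above actually buy, and what they do not. It assumes DBD::SQLite so it runs offline against an in-memory stand-in for the MySQL table trap1 with three of its columns; the attacker input and the numeric whitelist for fields like lat_deg are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Stand-in for the MySQL table in the script: an in-memory SQLite table with
# three of trap1's columns (assumption: DBD::SQLite is installed).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE trap1 (comments TEXT, email TEXT, name TEXT)");

# Constructed attacker input for the "name" field. It closes the VALUES tuple
# early and appends a second tuple the form never offered.
my $payload = q{x'), ('forged comment', 'attacker@example.invalid', 'Mallory};

# The unsafe pattern placeholders replace: submitted values spliced into SQL.
sub insert_interpolated {
    my ($comments, $email, $name) = @_;
    my $sql = "INSERT INTO trap1 (comments, email, name) "
            . "VALUES ('$comments', '$email', '$name')";
    return $dbh->do($sql);   # rows affected
}

# The pattern the script uses: fixed SQL text, values bound at execute().
sub insert_with_placeholders {
    my ($comments, $email, $name) = @_;
    my $sth = $dbh->prepare(
        "INSERT INTO trap1 (comments, email, name) VALUES (?, ?, ?)");
    return $sth->execute($comments, $email, $name);   # rows affected
}

sub row_count {
    my ($n) = $dbh->selectrow_array("SELECT COUNT(*) FROM trap1");
    return $n;
}

# Placeholders keep the SQL intact, but they do not validate the data. The
# numeric fields in the script (lat_deg, xcoord, ...) still need a whitelist
# check; under -T the capture also untaints the value. The pattern here is an
# assumed one for degrees, not taken from the script.
sub numeric_or_undef {
    my ($value) = @_;
    return defined $value && $value =~ /\A(-?\d{1,3}(?:\.\d+)?)\z/ ? $1 : undef;
}

insert_interpolated('speed trap on Main St', 'user@example.invalid', $payload);
printf "interpolated: %d row(s) stored from one submission\n", row_count();

$dbh->do("DELETE FROM trap1");

insert_with_placeholders('speed trap on Main St', 'user@example.invalid', $payload);
printf "placeholders: %d row(s) stored from one submission\n", row_count();
my ($stored_name) = $dbh->selectrow_array("SELECT name FROM trap1");
printf "placeholders: name column holds the payload verbatim: %s\n",
    $stored_name eq $payload ? "yes" : "no";

for my $input ('41', '-87.65', '41; DROP TABLE trap1') {
    printf "lat_deg %-24s -> %s\n", "'$input'",
        defined numeric_or_undef($input) ? "accepted" : "rejected";
}

$dbh->disconnect;
```

With interpolation, one form submission stores two rows, the forged one included; with placeholders it stores one row whose name column is the payload text itself. DBD::mysql behaves the same way for the real script: it either quotes each bound value client-side or sends it through a server-side prepared statement, and in neither case does the value reach the SQL parser as code. What placeholders do not do is check that a latitude is a number or that a comment has a sane length, so a whitelist check like numeric_or_undef() still belongs in front of execute().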
