First off, you make your code more readable if you don't mix output in with the query processing / database writing part. Put the HTML elements at the end of the script, or better yet use
HTML::Template or another templating module. Separate out the database operations and the query processing operations.
Second, read up on DBI recipes for answers to using placeholders.
good luck
-------------------------------------
Nothing is too wonderful to be true
-- Michael Faraday
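As an added illustration of the two points in the reply above (not code from the original post or from any PerlMonks author): a small Perl script laid out in the three layers the reply recommends, with DBI placeholders in the database layer and the HTML output kept at the end. It assumes DBD::SQLite is installed so it can run against an in-memory table; the function names, the `users` table and the sample rows are all constructed for this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Layer 1: database operations. Only this code talks to DBI.
# Placeholders (?) send the value to the driver separately from the
# SQL text, so user input can never change the query's structure.
sub connect_db {
    # In-memory SQLite so the example runs without a server; a CGI
    # script would use its real DSN here (constructed example).
    my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
        { RaiseError => 1, AutoCommit => 1 });
    $dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    my $ins = $dbh->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
    $ins->execute(@$_) for (['alice', 'alice@example.com'], ['bob', 'bob@example.com']);
    return $dbh;
}

sub find_users_by_name {
    my ($dbh, $name) = @_;
    # UNSAFE alternative (do not do this): "SELECT ... WHERE name = '$name'"
    # lets input such as  x' OR '1'='1  rewrite the WHERE clause.
    my $sth = $dbh->prepare('SELECT id, name, email FROM users WHERE name = ?');
    $sth->execute($name);
    return $sth->fetchall_arrayref({});   # arrayref of hashrefs
}

# Layer 2: query (form) processing. Validates input, calls the DB layer,
# and returns plain data; no HTML is produced here.
sub process_request {
    my ($dbh, $param) = @_;
    my $name = $param->{name} // '';
    return { error => 'name is required' } if $name eq '';
    return { error => 'name too long' }   if length $name > 64;
    return { rows => find_users_by_name($dbh, $name) };
}

# Layer 3: output. Runs last, on data only. Escaping here addresses the
# companion problem, HTML injection, when values are echoed back to the
# browser. A templating module such as HTML::Template would do this job.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

sub render {
    my ($result) = @_;
    return '<p class="error">' . escape_html($result->{error}) . "</p>\n"
        if $result->{error};
    my $html = "<ul>\n";
    $html .= '  <li>' . escape_html($_->{name}) . ' &lt;'
           . escape_html($_->{email}) . "&gt;</li>\n"
        for @{ $result->{rows} };
    return $html . "</ul>\n";
}

# Constructed inputs standing in for CGI parameters.
my $dbh = connect_db();
print render(process_request($dbh, { name => 'alice' }));
# Injection-shaped input matches no row instead of every row, because
# the driver binds it as one literal string rather than as SQL text.
print render(process_request($dbh, { name => "x' OR '1'='1" }));
```

The useful check when reviewing a script like this is that no SQL string anywhere contains an interpolated variable; every value reaches the database through `execute(...)` arguments, and every value reaches the page through the escaping (or templating) layer.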