Use CGI's param method to do the parsing of input. Your code fails on a GET method.
Define a limit on how much data you are willing to accept, or the CGI will happely eat as much data as a client is willing to feed you.
Use DBI place holders. This will take care of quoting, and (baring unrevealed bugs in the DBI) eliminate all possible SQL injection hacks.
Don't use "false" values in your database to signal anything special. That's what NULL values are for. (Note that in your code, you will insert "false" even if the client has set a value to "0", or an empty string).
Don't go formatting your own dates to stuff them into the database - use your databases' timestamp feature. And if you need to format times for something else, just use POSIX::strftime. Your entire block of code to format the date could have been written as:
use POSIX;
$date = POSIX::strftime("%A, %B %e, %Y at %T", localtime);