The way you're doing things, you're not using placeholders. You're hard coding the values into the SQL string (which is bad, for many reasons). Unless all of the values are numbers, or already quoted and escaped, it'll fail horribly.

I'd suggest the following (and as with BrentDax, I'd recommend looking at the string you're creating when you have errors).

my @fields = sort keys %prophash;
my $sql = 'INSERT INTO maintable ('.join(',',@fields)
    .') values ('.join(',',('?')x(scalar @fields)).')';
my $sth = $dbh->prepare($sql)
    or die "Can't prepare statement\n\n$sql\n\n$dbh->errstr()";
$sth->execute(@prophash{@fields})
    or die "Can't execute statement : $db->errstr()";
[download]

Yes, the sort may seem extraneous, but it'll make it so your sql statements are more likely to be consistent between systems, and so have its execution plan cached.