in reply to Is this logic correct? Maybe can be rewritten better?
You're vulnerable to SQL injection attacks. For example, $script is not validated in
my $script = param('select') or ...; ... $dbh->do("UPDATE guestlog SET script='$script' WHERE host='$host'");
Escape special characters within $script (and $host and $date) using $dbh->quote, or better yet, bind the arguments as shown here:
my $script = param('select') or ...; ... $dbh->do("UPDATE guestlog SET script=? WHERE host=?", undef, $script, $host);
The same applies to prepare. For example,
$sth = $dbh->prepare( "SELECT * FROM guestlog WHERE host='$host'"); $sth->execute();
becomes
$sth = $dbh->prepare("SELECT * FROM guestlog WHERE host=?"); $sth->execute($host);
By the way, this site uses iso-latin-1 (ISO-8859-1), not UTF-8. You'll have to use HTML entities such as &#xxxx; if you want to display characters outside of iso-latin-1. Unfortunately, those won't work within <code> tags.
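As an added illustration (not code from the original thread), here is a runnable script against an in-memory SQLite database (DBD::SQLite is assumed) that shows the interpolated form breaking on a host value containing a quote while the bound form stores the same value as plain data:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed example: an in-memory SQLite table standing in for guestlog.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE guestlog (host TEXT PRIMARY KEY, script TEXT, date TEXT)");

# Ordinary data that happens to contain SQL syntax (a single quote).
my $host   = "o'brien.example";
my $script = "form.pl";
my $date   = "2024-01-01";   # constructed value

# Bound insert: the quote is stored literally, no escaping needed.
$dbh->do("INSERT INTO guestlog (host, script, date) VALUES (?, ?, ?)",
    undef, $host, "index.pl", $date);

# Unsafe form from the question: the value becomes part of the statement text,
# so the quote terminates the string early. With RaiseError on, DBI dies here.
eval {
    $dbh->do("UPDATE guestlog SET script='$script' WHERE host='$host'");
};
print "interpolated UPDATE failed: $@" if $@;

# Safe form: placeholders keep the value as data whatever it contains.
my $rows = $dbh->do("UPDATE guestlog SET script=? WHERE host=?", undef, $script, $host);
print "bound UPDATE affected $rows row(s)\n";

# $dbh->quote is the fallback when a value must be interpolated; it adds the
# surrounding quotes and doubles embedded ones ('o''brien.example' for SQLite).
print "quoted form: ", $dbh->quote($host), "\n";

# prepare/execute with the value bound rather than interpolated.
my $sth = $dbh->prepare("SELECT host, script FROM guestlog WHERE host=?");
$sth->execute($host);
while (my ($h, $s) = $sth->fetchrow_array) {
    print "$h -> $s\n";   # o'brien.example -> form.pl
}
$dbh->disconnect;
```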