The solution is the appropriate use of quotemeta (aka \Q..\E) for eval and $dbh->quote_identifier for prepare.

The OP's code is needless complicated as JavaFan pointed out, so I'll apply the solution to his code:

my %memberRecord = ...;

my @cols = keys   %memberRecord;
my @vals = values %memberRecord;

my $stmt = do {
    local $" = ", ";
    my @q_cols = map $dbh->quote_identifier($_), @cols;
    my @params = ('?') x @cols;
    "INSERT INTO $tableName (@q_cols) VALUES (@params)"
};

my $sth = $dbh->prepare($stmt);
$sth->execute(@vals);
[download]

Thanks. A quick test confirms that at least a single quote in a column name is covered with the proposed fix. I will investigate more, but I think I'm on the right track now thanks to all.