I don't see a finish() call for the database statement handle. That could be a problem, even if the handle SHOULD be closed automatically when it runs out of scope.

And you have a real problem, because you really try hard to avoid DBI placeholders. You are building a gapping security hole called SQL injection, and you sabotage any caching that MySQL may attempt. Build and prepare() the statement once, then call it repeatedly passing all variables to execute(), and finally finish() it.

Alexander