It is not far wrong to say, “categorically,” that if you are using string variables to construct SQL queries in this way, “it is the kiss o’ death.”   Query parameters have to be parameters.   The logic needs to pass Test::Taint with flying colors.

I wish I knew more about what “aXML” actually is, to better understand where this package is trying to go ... to better understand what problem or requirement it is trying to address ... why it is cool.   I quite honestly don’t.