An HTML <form>, no matter what it “looks like” to the end-user, ultimately consists of a whole bunch of <input> tags of various kinds (including “hidden” and “button”).   Each <input> has a name that you give it, and a value that the user enters.   When the user hits any of the buttons in the form, the browser assembles a bunch of name=value pairs and submits them to wherever the form says they should all go.

What your Perl program receives, then, is a bunch of those pairs.   Make of them whatever you can.   You do this by encoding information somehow into the name and using it to understand the value.

The trick is, though ... (“Bobby Tables”) ... you must not trust anything that the browser sends you.   In particular, you must not merely “incorporate it, verbatim, into an SQL command.”

A web browser always assumes that you are right.   If you are not right (i.e. mal-formed HTML...), the browser either ignores you or it “makes do with what it’s got.” HTML, also, is very generous.   You can have a bunch of buttons in the same form, all with the same name and value.

By far the easiest way to sort these things out is to use a browser-side debugger like Firebug.   This lets you conveniently s-e-e exactly what the host is sending, and exactly what the browser is sending back.