First, you need to understand that you can't assemble a WHERE clause by plugging an expression into a placeholder (except in certain obscure cases where the underlying database doesn't really support prepare). You can only safely bind discrete values.

Try something like this:

  my $str = $dbh->prepare(
      "UPDATE Volunteer " .
      "SET Volunteer = ? " .
      "WHERE Date = ? AND Volunteer = 'TBD' AND Number = ?"
  );
  my $rv = $sth->execute($status, $date, $id);
[download]