There doesn't appear to be anything fundementally wrong with your code, though you may want to look into DBI->quote() for quoting strings. Also, use strict and warnings.

For debugging, I've found DBI->trace([1-4]) very useful as well. If you are running this as a cgi, it will spit all kinds of useful information to the error log.

