Add some basic debugging code to your script that prints out the value of $cat
(and any other variable) before using it. I would suspect that this variable is not being properly set prior to being used in this query.
And note that the placeholder suggestion is also one of safety: if you are using variables that are provided by the user directly in your SQL, keep in mind that users can put single-quotes and SQL code in this variable and execute arbitrary queries against your database through insecure code like this.
use strict and taint-checking (perl -wT) when dealing with potentially unsafe data and Perl will (usually) get your attention when you try and do something that someone else could exploit.