You have a variable that holds a string that contains an embedded quote. You then interpolate that variable into another string, which holds the beginning of an SQL query. You end up with extra quotes in the SQL, rendering it syntactically invalid. The execute() fails, which you aren't detected because you're not checking. Since it returns undef, the code is going to blow a few lines later.

The solution to this is really simple. It's already in your code. Use query parameters, and pass the values you want to bind to the parameters to execute(), which will automagically escape any embedded single quotes (or other characters that need escaping). Check() does this. Why doesn't Insert()?

Add some error checking while you're at it.