As the others have said, yes, don't interpolate any of those variables into the SQL. If you find you want to use placeholders in places where they are not supported, like say table names (which is pretty uncommon anyway!), then you may want to look at SQL::Abstract.

use SQL::Abstract;
my $sql = SQL::Abstract->new;
my $table = 'Web_Page';
my ($stmt, @bind) = $sql->insert($table, { template => $request,
        test => $test, source => $data{source},
        Visitor_idVisitor => $cookie{_ls_visit} });
my $sth = $dbh->prepare($stmt);
$sth->execute(@bind);
[download]