In addition to what the others have said, I'd like to point out a huge security hole. I've reformatted the code for clarity, but the following is logically equivalent to what you have:

my $dbh = DBI->connect(
    'DBI:mysql:*********', 
    '*****', 
    '*****', 
    {RaiseError => 1 , AutoCommit => 1}
) || die "Can't Connect: $!";

my $sth = $dbh->prepare(<<END_SQL);
    UPDATE inventory 
    SET img="$short_name", thumb="$short_tname" 
    WHERE partno="$img_name";
ENDSQL
$sth->execute;
[download]

Never allow user to be able to send data directly to the database like this. If you do, you open yourself up to SQL injection attacks where the attacker can insert their own SQL and run it arbitrarily against the server. You can protect against this by using the $dbh->quote method on the variables before you insert them. However, a cleaner strategy is to always use placeholders:

my $sth = $dbh->prepare(<<END_SQL);
    UPDATE inventory 
    SET    img = ?, thumb = ? 
    WHERE  partno = ?;
ENDSQL
$sth->execute($short_name, $short_tname, $img_name);
[download]

Read "Placeholders and Bind Values" in the DBI documentation for more information.