my $foo = 'bar';

my $sql = qq{SELECT * FROM table_name where $foo = ?};
my $sth = $dbh->prepare($sql);
#...
$sth->execute($foo);