package My::Application;
    use strict;
    use DBI;
    use CGI;

    sub new {
        my $class = shift;
        my $q     = CGI->new;

        my %data  = map { $_, [ $q->param($_) ] } $q->param;

        my $href  = {
            _dbh  =  connect_routine(),
            _data = \%data
        };
        bless $href, $class;
    }

    sub form_data {

        # remember that all data returned from this is tainted!!!!
        my ( $self, $item ) = @_;
        if ( ! exists $self->{ _data }{ $item } ) {
            return undef;
        } elsif ( wantarray ) {
            return @{ $self->{ _data }{ $item } };
        } else {
            return $self->{ _data }{ $item }[0];
        }
    }

    sub get_user_info {
         my ( $self, $id ) = @_;

         # Note the placeholder .. greater security
         my $sql = "SELECT first, last FROM users WHERE id = ?";
         my $sth = $self->{ _dbh }->prepare( $sql );
         my $rc  = $sth->execute( $id );
         .
         .
         .
    }