# Hostile value submitted for the header field. The leading quote character is
# what matters: it is meant to close the string literal the application opens.
foo';DROP TABLE press_release;SELECT * FROM press_release WHERE header='foo
####
# SQL text produced when that value is pasted unescaped between the single
# quotes of the lookup query. The literal ends at 'foo' and the rest is parsed
# as two further statements, a DROP TABLE and a SELECT whose trailing quote
# re-balances the query so it still parses.
# Whether the extra statements actually run depends on the driver accepting
# more than one statement per call; the query is injectable either way.
SELECT id FROM press_release WHERE header = 'foo'; DROP TABLE press_release; SELECT * FROM press_release WHERE header='foo'
####
# Mitigation shown on this page: DBI's quote() escapes the special characters
# in the value and adds the surrounding quote marks itself, so the value can
# no longer terminate the literal.
# Bind placeholders are the sturdier form of the same defence: prepare the
# statement with "header = ?" and pass $header to execute(), so the value never
# becomes part of the SQL text and a forgotten quote() call cannot reopen the hole.
$header = $dbh->quote( $header );
# note the *lack* of single quotes around $header
# NOTE(review): this query names press_releases, the statements above name
# press_release - confirm which table name is intended.
# prepare() returns a statement handle, not an id; it still has to be
# executed and fetched before $header_id would hold a row value.
$header_id = $dbh->prepare("SELECT id FROM press_releases WHERE header = $header");