# Prepare the INSERT once. The two "?" placeholders are bound at execute
# time, so $val1/$val2 travel to the driver as parameters and are never
# interpolated into the SQL text (this is what keeps the statement safe
# against SQL injection from those values).
$sth = $dbh->prepare(' INSERT INTO Comment ( Field1, Field2 ) VALUES ( ?,? ) ')
    or die "Failed to prepare $DBI::errstr";

# Bind both values and run the statement. $DBI::errstr holds the driver's
# last error message when prepare or execute fails.
# NOTE(review): if the connect handle was opened with RaiseError => 1,
# DBI already dies on failure and these explicit checks are redundant.
$rv = $sth->execute($val1, $val2)
    or die "Failed to execute $DBI::errstr";