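# Bind $name as a parameter instead of interpolating it into the SQL text.
# With a placeholder the driver passes $name as data, so a quote inside it
# can no longer terminate the literal and nothing from it becomes part of
# the WHERE clause. The error checks cover handles not opened with RaiseError.
my $sth = $dbh->prepare('SELECT * FROM customers WHERE name = ?')
    or die "prepare failed: " . $dbh->errstr;
$sth->execute($name)
    or die "execute failed: " . $sth->errstr;

# Why the interpolated form `... WHERE name = '$name'` was wrong. So what happens if:
#   $name = "O'Deary";
#   the interpolated SQL became:
#     SELECT * FROM customers WHERE name = 'O'Deary'
#   -> the embedded quote ends the literal early, leaving malformed SQL.
# or even:
#   $name = "Just another' or name = name or name = 'Perl hacker,";
#   the interpolated SQL became:
#     SELECT * FROM customers WHERE name = 'Just another' or name = name or name = 'Perl hacker,"
#   -> the input rewrote the WHERE clause; `name = name` holds for every row
#      with a non-NULL name. With the placeholder above, the same input is
#      only ever compared as a literal string.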