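# Look up rows in `foo` whose `bar` column equals the request parameter 'bar'.
#
# Two defects in the original:
#   1. $bar_value was interpolated into the SQL text, so whatever the client
#      sent in 'bar' became part of the statement (the example values kept in
#      the comments below show why that is unacceptable).
#   2. $bar_value was read before it was declared; under `use strict` that
#      does not compile, and without it the query silently ran with undef.
#
# The value is now declared first and bound through a DBI placeholder, so the
# driver transmits it as data and it can never alter the statement's shape.
# bind_param() attaches the value to the handle, so a later `$sth->execute()`
# with no arguments still works exactly as before.
my $bar_value = param('bar');

# Placeholder instead of string concatenation; the SQL text is now constant.
my $sql = 'select blargh from foo where bar = ?';

my $sth = $dbh->prepare($sql)
    or die "prepare failed: " . $dbh->errstr;

# Bind the untrusted value as a parameter, never as SQL text.
$sth->bind_param(1, $bar_value);

# Example 'bar' values the concatenated version would have accepted verbatim,
# kept here to document the failure mode the placeholder prevents:
#### "somevalue' union select blech from some_really_big_table where some_unindexed_column = 'blah"
#or "somevalue' and some_field in (select field from some_other_really big table) and bar = 'somevalue"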