my $name = $cgi->param('name');
  my $query = "INSERT ... VALUES($name)";

##</code><code>##

  my $name = $cgi->param('name');
  my $query = "INSERT ... VALUES("
              . dbi->quote($name)
              . ")";