$sth = $dbh->prepare(
    'SELECT id, title, summary FROM  resource WHERE id = ?'
  );
  $sth->execute($filename);

##</code><code>##

<input name="search" type="text" value="<TMPL_VAR NAME='SEARCH'>" />

## or 

<input name='search' type='text' value='<TMPL_VAR NAME="SEARCH">' />