$SQL='select * from table where :name=:value';
$SQL=~s/:(\w+)/$data{$1}/g;

##</code><code>##

$sth = $dbh->prepare('select * from table where name=?');
$rv=$sth->execute($data{name});