# Parameterized lookup: the SQL text holds only a `?` placeholder, and the value
# in $str is handed to the driver at execute() time rather than being
# concatenated into the query string.
# A `?` placeholder can stand in only for a value, never for a table or column
# name; `table` and `column` here are presumably stand-ins for real identifiers.
# NOTE(review): execute($str) passes a bare scalar. That is the Perl DBI calling
# convention; PHP's PDOStatement::execute() takes an array of bound values,
# i.e. execute([$str]) - confirm which driver $dbh is and adjust if it is PDO.
# NOTE(review): the results of prepare() and execute() are not checked here;
# whether the connection is configured to raise errors is not visible - confirm.
$sql="Select * from table where column=?"; $rh=$dbh->prepare($sql); $rh->execute($str);