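use DBIx::XHTML_Table;

# $dbh, %FORM and $params are not defined in this listing; they come from
# the surrounding program.
my $table = DBIx::XHTML_Table->new($dbh);

# --- Original version (kept for comparison) ------------------------------
# The submitted form value is interpolated directly into the SQL text, so
# whatever the client sends becomes the WHERE clause itself. This is the
# SQL-injection pattern that the second version below replaces.
$table->exec_query("SELECT city FROM speedtrap WHERE $FORM{state}");
print $table->output;

# --- Suggested version ---------------------------------------------------
# The request parameter is validated against an allow-list pattern, and the
# captured text (not the raw input) is what gets used, which is also how a
# value is untainted under taint mode (-T).
# NOTE(review): assumes state ids are unsigned integers -- confirm against
# the schema and adjust the pattern if the key has another format.
my $raw_state_id = $params->{state_id};
my ($state_id) = defined $raw_state_id
    ? $raw_state_id =~ m{\A ([0-9]+) \z}x    # \z: no trailing newline allowed
    : ();
die "Invalid state_id\n" unless defined $state_id;

# The value is passed as a bind variable (second argument, array ref), so
# it reaches the database as data and never becomes part of the SQL text.
# Validation above is defence in depth; the placeholder is what prevents
# injection.
# NOTE(review): the query filters on state.id but only speedtrap appears in
# the FROM clause; presumably a join or a speedtrap column is intended --
# verify before use.
$table->exec_query(' SELECT city FROM speedtrap WHERE state.id = ? ', [$state_id]);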