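# Look up cities for a caller-supplied state id.
#
# The query uses a bind placeholder, so the value never becomes part of the
# SQL text; the validation below exists so that taint mode (-T) accepts the
# value and so that a malformed id is rejected before any database work.
# Reassigning from the regex capture is what clears the taint flag.
#
# NOTE(review): assumes state ids are plain unsigned integers — widen the
# pattern (still anchored with \A ... \z) if they are alphanumeric codes.
my ($state_id) = ( $params->{state_id} // '' ) =~ m{ \A (\d+) \z }xms
    or die 'invalid state_id';

# NOTE(review): the WHERE clause refers to state.id while the FROM clause
# names only speedtrap — confirm the intended table/column before relying
# on this query.
$table->exec_query(
    ' SELECT city FROM speedtrap WHERE state.id = ? ',
    [$state_id],
);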