my $sql = "SELECT city FROM table WHERE state = ?";
  my $sth = $dbh->prepare($sql);
  $dbh->execute($FORM{state});