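# Parameterised INSERT: the SQL text is fixed at prepare() time and the values
# are bound at execute() time, so whatever $Data1 / $Data2 contain is sent as
# data and can never change the shape of the statement.
#
# A bound value is ALWAYS data. Binding the string 'DEFAULT' (as the original
# did) stores the literal text "DEFAULT" -- or fails the column's type check --
# rather than applying the column default. The DEFAULT keyword therefore has to
# live in the SQL text itself, leaving two placeholders for the two real values.
my $sth = $dbh->prepare("INSERT INTO walstock (sid, name, qty) VALUES (DEFAULT, ?, ?)");

# Two placeholders, so exactly two parameters go to execute().
# On failure DBI puts the driver's error text in $DBI::errstr (also reachable as
# $dbh->errstr); with RaiseError => 1 on the handle this branch is not needed.
if ($sth->execute($Data1, $Data2)) {
    print "Worked, cool";
} else {
    print "Didn't work, uncool, error is: $DBI::errstr";
}

####
# $user_id is expected to be a user id, but it comes from the user and is never
# checked. Interpolating it straight into the SQL text is an injection hole:
#
#     $dbh->prepare("DELETE FROM foo WHERE user_id=$user_id");
#
# If the submitted value is "10 or 1=1" the statement becomes
#
#     DELETE FROM foo WHERE user_id=10 or 1=1
#
# which deletes every row, because 1 always equals 1.
#
# Fix: keep the value out of the SQL text entirely by using a placeholder. The
# driver then treats the whole submitted string as one value to compare against
# user_id, so "10 or 1=1" is just a string that matches nothing. Statement
# handle only prepared here, as in the original; at execute time pass the value
# as the single parameter: $del->execute($user_id).
my $del = $dbh->prepare("DELETE FROM foo WHERE user_id = ?");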