my $name = param('name');
my $sth = $dbh->prepare("SELECT foo, bar FROM $pictures_table WHERE stats = ? AND poster_name = ?");
$dbh->execute(2, $name);