# Put question mark here for your placeholder
my $sql = "SELECT * FROM users WHERE id = ?";

my $statement = $db_handle->prepare($sql)
        or die "Couldn't prepare query '$sql': $DBI::errstr\n";

# Put your $scalar here to be interpolated 
$statement->execute($user)
        or die "Couldn't execute query '$sql': $DBI::errstr\n";