sub escape_name {
   my $t = @_ ? $_[0] : $_;
   $t =~ s/`/``/g;
   return "`$t`";
}

my $table = 'sometable';
my @cols = qw( id name );
my @vals = qw( 3 somename );

my $stmt = "INSERT INTO "
         . escape_name($table)
         . " ("
         . join(', ', map escape_name, @cols)
         . ") VALUES ("
         . join(', ', (?) x @cols)
         . ")";

my $sth = $dbh->prepare($stmt);

$sth->execute(@vals);