my $sth = $dbh->prepare("SELECT * FROM foo WHERE bar = ?");
$sth->execute("my 'scary variable here';");

##</code><code>##

$dbh->do("SELECT * FROM foo WHERE bar = " . "my scary 'variable here';");