my $sth = $dbh->prepare("SELECT * FROM foo WHERE bar = ?");
$sth->execute("my 'scary variable here';");