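# Allow-list of column names that may be spliced into the SQL text. A column
# identifier cannot be supplied through a placeholder, so the request value
# is accepted only when it is exactly one of these names.
use constant COLUMNS => [qw(Consign ISBN Price Title Author Subject)];
my $regex = join '|', @{COLUMNS()};

# The alternation is wrapped in a capture group for two reasons:
#  - ungrouped, the anchors bind only to the first and the last alternative,
#    so a value that merely contains e.g. "ISBN" would pass the check;
#  - a match without captures returns 1 in list context, so $search would
#    hold 1 instead of the column name.
# \A and \z anchor the whole string; $ would also accept a trailing newline.
# On a failed match the list is empty and $search stays undef.
my ($search) = $q->param('search') =~ /\A(${regex})\z/;
die 'Bad search criteria' unless defined $search;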
####
# Build the lookup query. $search is interpolated into the SQL text because a
# column name cannot be passed as a bind parameter; that is safe only while
# $search has been restricted to a fixed list of column names before this
# point.
my $statement = "\nSELECT *\nFROM onshelf\nWHERE $search LIKE ?\n";

# The search text travels through the placeholder, never through the SQL
# string. It is wrapped in % for a substring match; any % or _ already inside
# $criteria still acts as a LIKE wildcard.
# NOTE(review): the results of prepare/execute are not checked here;
# presumably the handle was opened with RaiseError enabled -- confirm.
my $sth = $dbh->prepare($statement);
$sth->execute('%' . $criteria . '%');
####
# Bind one lexical per result column so that each fetch fills these variables
# in place. The number and order of the columns returned by the statement
# must agree with this list.
# NOTE(review): with a SELECT * query that depends on the table layout;
# naming the six columns in the SELECT would pin the order -- confirm.
my ($consign, $isbn, $price, $title, $author, $subject);
$sth->bind_columns(
    \$consign, \$isbn, \$price,
    \$title,   \$author, \$subject,
);