my $sql = $dbh->quote($foo);
$dbh->do($sql);

##</code><code>##

my $sth = $dbh->prepare("INSERT INTO foo (bar, baz, quux) VALUES (?, ?, ?)");
$sth->execute($bar, $baz, $quux);