my $dbh = DBI->connect( "dbi:Oracle:host=$host;sid=$sid",
                        $user, $passwd );

# The "?" is what's called a placeholder
my $sql = 'SELECT * FROM table WHERE x = ?';
my $sth = $dbh->prepare( $sql );
$sth->execute( $search_value_of_x );

while ( my $row = $sth->fetchrow_hashref() ) {
    # $row->{field} has the value in that field for this row
}