my $name = "; DROP DATABASE mysql;";
my $sth = $dbh->prepare("INSERT INTO names (name) values ('$name')");
$sth->execute;

##</code><code>##

my $name = "; DROP DATABASE mysql;";
my $sth = $dbh->prepare("INSERT INTO names (name) values (".$dbh->quote($name).")");
$sth->execute;