Placeholder
                                                    v
my $sql = "INSERT INTO my_table (col_string) VALUES(?)";
my $sth = $dbh->prepare($sql);
     ^
  Prepared statement