my $sth = $dbh->prepare("SELECT * FROM foo WHERE bar='$baz'");
$sth->execute;

##</code><code>##

my $sth = $dbh->prepare("SELECT * FROM foo WHERE bar=?");
$sth->execute($baz);

##</code><code>##

{
	package ChristianDatabase;
	
	use Moose;
	
	has database_connection => (
		is         => 'ro',
		isa        => 'Object',
		lazy_build => 1,
	);
	
	sub _build_database_connection
	{
		DBI->connect("dbi:mysql:christianDatabase", "xxxacctxxx" , "xxxpassxxx") or die
	}
	
	sub add_comment
	{
		my ($self, $comment, $username) = @_;
		die "not implemented yet";
	}
	
	sub make_comment_record
	{
		die "not implemented yet";
	}

	sub check_comment_record
	{
		my ($self, $MNid) = @_;
		my $sql = "SELECT mnref FROM comment_record WHERE mnid=?";
		my $ccr = $self->database_connection->prepare($sql);
		$ccr->execute($MNid) or die "$!";
		return $ccr->fetchrow_array;
	}
	
	sub add_new_news
	{
		my ($self, $newsHeading, $fullText, $NewsPhoto, $url) = @_;
		my $newsid = new_News();  # new_News isn't defined anywhere!!
		my $sql = q{
			INSERT INTO news (news_heading, full_text, news_photos, url, date, newsID)
			VALUES (?, ?, ?, ?, NOW(), ?)
		};
		my $addNews = $self->database_connection->prepare($sql);
		$addNews->execute(
			$newsHeading,
			$fullText,
			$NewsPhoto || '',
			$url,
			$newsid,
		) or die "$!";
		return $newsid;
	}
}

# Example usage...

my $db = ChristianDatabase->new;
$db->add_new_news(
	"This is a News Story",
	"It's really quite an interesting one.",
	undef,
	"http://www.example.com/",
);