in reply to Creating Dynamic SQL statements using arrays
This works the same way as the examples above, with the added benefit of placeholders. If the items in your where clause are coming from user input (especially a CGI), you'll definitely want to be using placeholders in your SQL statements.

```perl
push(@where_array, 'item1 = ?');
push(@params, $item1);
push(@where_array, 'item2 = ?');
push(@params, $item2);
push(@where_array, 'item3 = ?');
push(@params, $item3);

my $select = join(', ',@select_array);
my $where = join(' and ',@where_array);
my $script = "SELECT $select FROM table WHERE $where";
. . .
$sql->execute(@params);
```

Hope this helps,
MrCromeDome
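
The placeholder approach from the post above, extended into a self-contained script as an added example (not part of the original post). It assumes DBI with DBD::SQLite; the `staff` table, `build_select` and `%ALLOWED` are hypothetical names. It also goes one step further than the post: placeholders bind values only, so column names are checked against a fixed list.

```perl
use strict;
use warnings;
use DBI;

# Columns callers may select or filter on. Placeholders bind values only,
# so identifiers must come from a fixed list, never from user input.
my %ALLOWED = map { $_ => 1 } qw(id name dept);

# Build a SELECT from requested columns and a hash of column => value filters.
# $table is a constant supplied by the program, not by the user.
sub build_select {
    my ($table, $select_cols, $filters) = @_;
    my (@where_array, @params);
    for my $col (@$select_cols, keys %$filters) {
        die "column not allowed: $col\n" unless $ALLOWED{$col};
    }
    for my $col (sort keys %$filters) {
        if (defined $filters->{$col}) {
            push @where_array, "$col = ?";
            push @params, $filters->{$col};
        } else {
            push @where_array, "$col IS NULL";   # "= ?" never matches NULL
        }
    }
    my $script = 'SELECT ' . join(', ', @$select_cols) . " FROM $table";
    $script .= ' WHERE ' . join(' and ', @where_array) if @where_array;
    return ($script, @params);
}

# Constructed demo data in an in-memory SQLite database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE staff (id INTEGER, name TEXT, dept TEXT)');
$dbh->do('INSERT INTO staff VALUES (?, ?, ?)', undef, @$_)
    for [1, 'alice', 'ops'], [2, 'bob', 'dev'];

# Constructed hostile value: bound as data, it matches no row.
for my $name ('alice', "x' OR '1'='1") {
    my ($script, @params) = build_select('staff', [qw(id name)], { name => $name });
    my $rows = $dbh->selectall_arrayref($script, undef, @params);
    printf "%-20s -> %d row(s) via: %s\n", $name, scalar @$rows, $script;
}

# A filter key that is not an allowed column is rejected before any SQL is built.
eval { build_select('staff', ['id'], { 'dept OR 1=1' => 1 }) };
print "rejected: $@" if $@;
```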