in reply to Re: Re: Re: Re: Back to acceptable untainted characters
in thread Back to acceptable untainted characters

From perldoc DBI:
Placeholders and Bind Values

Some drivers support placeholders and bind values. *Placeholders*, also called parameter markers, are used to indicate values in a database statement that will be supplied later, before the prepared statement is executed. For example, an application might use the following to insert a row of data into the SALES table:

    INSERT INTO sales (product_code, qty, price) VALUES (?, ?, ?)

or the following, to select the description for a product:

    SELECT description FROM products WHERE product_code = ?

The "?" characters are the placeholders. The association of actual values with placeholders is known as *binding*, and the values are referred to as *bind values*.

Note that the "?" is not enclosed in quotation marks, even when the placeholder represents a string. Some drivers also allow placeholders like ":*name*" and ":*n*" (e.g., ":1", ":2", and so on) in addition to "?", but their use is not portable.

With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it. For example:

    "SELECT name, age FROM ?"        # wrong (will probably fail)
    "SELECT name, ? FROM people"     # wrong (but may not 'fail')

Also, placeholders can only represent single scalar values. For example, the following statement won't work as expected for more than one value:

    "SELECT name, age FROM people WHERE name IN (?)"    # wrong
    "SELECT name, age FROM people WHERE name IN (?,?)"  # two names

When using placeholders with the SQL "LIKE" qualifier, you must remember that the placeholder substitutes for the whole string. So you should use "... LIKE ? ..." and include any wildcard characters in the value that you bind to the placeholder.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
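As an added example (not part of Randal's post or of the DBI documentation), the three points above in one runnable Perl script: a single scalar bound per "?", the IN list built with one marker per value, and the LIKE wildcard kept inside the bound value. It assumes DBD::SQLite is installed; the products table and its rows are constructed here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumed: DBD::SQLite available; an in-memory database keeps this self-contained.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE products (product_code TEXT, description TEXT)");

# Constructed sample rows, each inserted through placeholders, never interpolated.
my $ins = $dbh->prepare(
    "INSERT INTO products (product_code, description) VALUES (?, ?)");
$ins->execute(@$_) for (
    [ 'A1', 'widget'          ],
    [ 'B2', 'gadget'          ],
    [ 'C3', "o'brien special" ],   # the quote is data; it never reaches the SQL text
);

# 1. One "?" binds one scalar: the whole value, quote included, is passed as data.
my $desc = $dbh->selectrow_array(
    "SELECT description FROM products WHERE product_code = ?", undef, 'C3');

# 2. IN (?) binds a single scalar, so generate exactly one marker per value.
#    Only the count of markers comes from the list; the values stay bound.
my @codes = ('A1', 'B2');
my $marks = join ',', ('?') x @codes;
my $rows  = $dbh->selectall_arrayref(
    "SELECT product_code FROM products WHERE product_code IN ($marks)",
    undef, @codes);

# 3. LIKE: the placeholder stands for the whole pattern, so the "%" wildcard
#    belongs in the bound value, not in the statement text.
my $prefix = 'wid';
my $like   = $dbh->selectall_arrayref(
    "SELECT description FROM products WHERE description LIKE ?",
    undef, "$prefix%");

printf "by code : %s\n", $desc;
printf "in list : %s\n", join ',', map { $_->[0] } @$rows;
printf "like    : %s\n", join ',', map { $_->[0] } @$like;
```

If the LIKE prefix itself comes from a caller, remember that "%" and "_" inside it are still wildcards to the database; escape them in the bound value (with the driver's ESCAPE clause) if a literal match is intended.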