in reply to Problems inserting values in mysql database

You should use placeholders. Read the perldoc for DBI and DBD::mysql.

    $sth = $dbh->prepare("INSERT INTO walstock (sid, name, qty) VALUES (?, ?, ?)");
    # ok, we have 3 placeholders, pass 3 params to the execute function.
    if ($sth->execute('DEFAULT', $Data1, $Data2)) {
        print "Worked, cool";
    } else {
        print "Didn't work, uncool, error is: $DBI::errstr";
    }

Placeholders in some cases speed up your queries, but the main concern is that they escape data properly, which makes for safe queries and little risk of SQL-injection attacks. Imagine this ($user_id read from data a user submitted):

    # we expect $user_id to be a user_id, but we don't check it.
    $dbh->prepare("DELETE FROM foo WHERE user_id=$user_id");
    # looks good, except, the user submitted as the value for user_id: 10 or 1=1
    # so we end up with, "DELETE FROM foo WHERE user_id=10 or 1=1"
    # which in effect, deletes everything, because 1 always equals 1

The moral of the story: always use placeholders by default. If you choose not to use them, you know why you aren't using them, and know to verify your data extra carefully. Make using them the default, and think about any time you aren't using them.

(updated, thought of last paragraph after I hit submit, so I added it)
(updated again, removed question about DEFAULT, as it's a valid mysql keyword)
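
The DELETE scenario described in the post above, as a runnable added example that is not part of the original post. It assumes an in-memory SQLite database (DBD::SQLite) standing in for MySQL, constructed sample rows, and a hypothetical helper `delete_user` that validates the value before binding it.

```perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for MySQL
# so this runs offline. Table contents are constructed sample data.
sub fresh_db {
    my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
        { RaiseError => 1, PrintError => 0 });
    $dbh->do('CREATE TABLE foo (user_id INTEGER, name TEXT)');
    my $ins = $dbh->prepare('INSERT INTO foo (user_id, name) VALUES (?, ?)');
    $ins->execute($_, "user$_") for 9 .. 12;
    return $dbh;
}

sub rows_left {
    my ($dbh) = @_;
    my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM foo');
    return $count;
}

# Hypothetical helper: accept only a plain integer, then bind it.
# Returns the number of rows deleted, or undef if the input was rejected.
sub delete_user {
    my ($dbh, $id) = @_;
    return undef unless defined $id && $id =~ /\A[0-9]+\z/;
    my $deleted = $dbh->do('DELETE FROM foo WHERE user_id = ?', undef, $id);
    return $deleted + 0;    # DBI reports zero affected rows as "0E0"
}

my $hostile = '10 or 1=1';    # the submitted value from the post

# Interpolation: "or 1=1" becomes part of the SQL statement itself.
my $dbh = fresh_db();
$dbh->do("DELETE FROM foo WHERE user_id=$hostile");
printf "interpolated: %d of 4 rows left\n", rows_left($dbh);

# Placeholder: the whole string is bound as one value, never parsed as SQL.
$dbh = fresh_db();
$dbh->do('DELETE FROM foo WHERE user_id = ?', undef, $hostile);
printf "placeholder:  %d of 4 rows left\n", rows_left($dbh);

# Placeholder plus validation: malformed input is refused before the query.
$dbh = fresh_db();
for my $id ($hostile, '10') {
    my $n = delete_user($dbh, $id);
    printf "delete_user(%s): %s\n", $id,
        defined $n ? "$n row(s) deleted" : 'rejected';
}
```
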

Re^2: Problems inserting values in mysql database
by chas (Priest) on Mar 19, 2005 at 05:38 UTC
    The DEFAULT keyword usually just specifies that a column should take on its default value. DEFAULT is a reserved word in mysql... should be OK.
    chas
      Thanks, I wasn't aware of the DEFAULT option.
        Thanks a lot, guys, got it working in the end. I've never come across putting ? where I would normally put the values. Works great.