The following example demos how you can do this. I also added some logic to create the query dynamically in case the format of the query is determined based on whether a parameter is presented. This demos a select statement, but update or delete has no difference.

my $sql = "SELECT column1 FROM table1 WHERE 1=1 ";
my @bind; #this is where your parameters get pushed in and later used 
+in execute() as values for placeholders.
if ($query->param('foo')){
  $sql .= " AND column2 = ? ";
  push @bind, $query->param('foo');
}
if ($query->param('bar')){
  $sql .= " AND column3 = ? ";
  push @bind, $query->param('bar');
}
my $sth = $dbh->prepare($sql);
$sth->execute(@bind);
[download]