Read more on Placeholders and Binding Columns in chromatic's article DBI is OK on perl.com. There are both security- and performance-related benefits of using bind variables, particularly when using database engines like PostgresQL, Oracle or IBM DB2.

Do also consider using stored procedures if your database engine supports it.