How "prepare" gets the "real" value of $ID is a mystery to me. But it does! I have several programs that work with this syntax.

It's not prepare that does the magic voodoo, it's the double quotes (and we like to call it interpolation). You really ought to understand the "mystery", especially if you are doing web programming or any other code that allows arbitrary user input. If you are going to interpolate variables into a SQL string, at least do it the "right" way:

my $q_ID = $dbh->quote($ID);
my $sth = $dbh->prepare("select foo from bar where baz = $q_ID");
[download]

In general though, it's better to use placeholders.