Prepared DBI queries are even nicer--you don't have to worry about doing the escaping of the values. Just use a ? for each value in @values in the SQL statement and then pass @values into $query->execute().