See, I personally find this much easier to read, but I tend to find each loops generally hard to read. (I recognize that they're sometimes necessary for efficiency reasons, but still consider them ugly) Maybe it's just me.

my @fields = keys(%hash);
my @params = @hash{@fields};
my $query = "SELECT row_id FROM Table WHERE " . 
             join(" AND ", map {"$_ = ?"} @fields);
[download]

If for some reason the interface you have won't accomodate the extra separate @params parameter, you could also do this, though this depends on having the DBI handle available when you're forming the query:

my @fields = keys(%hash);
my $query = "SELECT row_id FROM Table WHERE " . 
             join(" AND ",
                  map {"$_ = " . $dbh->quote($hash{$_})} @fields);
[download]

However, I'd still go with the first, assuming that passing along the @params list is doable.