As others have noted, ? is the character for place holders in DBI. I recommend reading about them and using them, they make life much better and a far more efficient, especially if you use $dbi->prepare_cached, which won't recompile your sql statement every time.

You should change your function to look like this:

sub Do_SQL {
  my $dbh = shift; # unless you are using a bad global
  my $statement = shift;
  my @values = shift;

  # don't check for errors here as chances are
  # no runtime errors will occur once you are done
  # debuging your code
  my $sth = $dbh->prepare_cached($statement);

  # interopolates your placeholders
  $sth->execute(@values)
    or error_function($dbh->errstr); # you can do 
                                     # the print here
 
}

So, with this you could do database work with:

Do_SQL(
  $dbh, 
  'INSERT INTO some_tbl (some_text) VALUES(?)',
  'Hello?'
);

Keep in mind that this is very limiting; you can't check the return values of your statements to find out the number of rows affected and so forth. cheers.