my $dbh = DBI->connect( ... );my $sql = "insert into tbl_name(col_one,col_two)

1. my $dbh = DBI->connect( ... );
2. my $sql = "insert into tbl_name(col_one,col_two) values($val1, $val2)";
3. my $sth = $dbh->prepare($sql);
4. $sth->execute();
5.  
6. $sth = $dbh->prepare("insert into tbl_name(col_one,col_two) values(?,?)");
7. $sth->execute($val1, $val2);
8.  
9. $sql = sprintf "SELECT foo FROM bar WHERE baz = %s",
10. $dbh->quote(q("Don't"));
11.  
12. $sql = sprintf "SELECT foo FROM bar WHERE baz = %s",
13. $dbh->quote("Don't");
14.  
15. $sql = sprintf "SELECT foo FROM bar WHERE baz = %s",
16. $dbh->quote(q("Don't"));
17.  
18. my $dbh = DBI->connect(...);
19. my $name_pairs = get_csv_data("data.csv");
20. my $sth = $dbh->prepare("INSERT INTO t1 (first_name, last_name) VALUES (?,?)");
21. for my $pair (@$name_pairs) {
22. unless ($sth->execute(@$pair)) {
23. warn($sth->errstr);
24. }
25. }
26.  
27. # Here, I am confident about the hash keys, less so about the values
28. $sql = sprintf("INSERT INTO t1 (%s) VALUES (%s)",
29. join(",", keys(%hash)),
30. join("," map { $dbh-quote($_) } values(%hash))
31. );
32. $sth = $dbh->prepare($sql);
33. unless ($sth->execute) {
34. warn($sth->{Statement});
35. }