Another variation on my previous reply that might be relevant: I have a web app with a search page for probing a set of related tables, where the user can fill in search terms - it's a bilingual dictionary system, so search conditions can include things like headword spelling, pronunciation, part-of-speech, translated meaning, etc, in arbitrary combinations.
in reply to Simplifying queries in DBI
When the search form is submitted, the app loops over the fields that have been filled in by the user, and assembles two parallel arrays: "@where_clauses" and "@where_values". The first array is used to build the SQL statement (table names and join conditions are added as needed), and the second array is passed to the execute call for that statement. This way, the ordering of fields and placeholder values is assured.