# DBI's $dbh->quote() escapes the value and wraps it in quotes, so $userinput cannot break out of the string literal
my $sql = sprintf "select * from foo where bar = %s", $dbh->quote($userinput);