This is probably pretty primitive for Perl programming, but I code my SQL like this:
    $sth = $db_handle->prepare("select foo from bar where id = ?")
        or die( $db_handle->errstr );
    $id = 17; ## or whatever
    $sth->execute( $id ) or die ( $sth->errstr() );
    $baz = $sth->fetchrow_hashref();
I'm working more and more in PHP in a current job and I see nothing like that in the code I'm working with, no binding, just raw SQL commands constructed by variable/string concatenation and fed directly to mysql_query().
What's the professional way to do this in PHP?
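
For comparison, an added example (not part of the original post) of the same placeholder pattern in PHP using PDO, next to the concatenation style the post describes. It assumes the PDO SQLite driver so that it runs without a server; the `bar` table contents, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: in-memory database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw, like "or die"
$db->exec('CREATE TABLE bar (id INTEGER PRIMARY KEY, foo TEXT)');
$db->exec("INSERT INTO bar (id, foo) VALUES (17, 'seventeen'), (18, 'eighteen')");

// Concatenation style: the value becomes part of the SQL text itself,
// so whatever it contains is parsed as SQL.
function fetch_concat(PDO $db, string $id): array
{
    $sql = "select foo from bar where id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder style, the direct counterpart of DBI prepare/execute:
// the SQL text is fixed and the value is sent separately as data.
function fetch_bound(PDO $db, string $id): array
{
    $sth = $db->prepare('select foo from bar where id = ?');
    $sth->execute([$id]);
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary id, and a value carrying extra SQL.
foreach (['17', '17 OR 1=1'] as $id) {
    printf(
        "%-10s concat: %d row(s)  bound: %d row(s)\n",
        $id,
        count(fetch_concat($db, $id)),
        count(fetch_bound($db, $id))
    );
}
```

With the second input, the concatenated query matches every row in the table, while the bound query treats the whole string as a single id value and matches none.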