my $sth = $dbh->prepare("
  SELECT * FROM foo WHERE bar=? AND baz=?
"); 
$sth->execute($string1, $string2);