Just wanted to add that if you just need to 'do' a command instead of preparing/executing it (useful if you are going to execute the same SQL statement more than once), it also has support for placeholders (as the previous posters mention, placeholders rock!).
# Note the 'undef' in between the SQL statement and the
# bound variables: do() takes an optional \%attr hash reference
# as its second argument, and the bind values follow it.
$rv = $dbh->do( "UPDATE table SET column=? WHERE column=?",
                undef, "New Value!!", $variable );
Jason
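As an added example (not part of the post above, and not DBI's own documentation code), the following script runs the do()-with-placeholders pattern against a constructed in-memory SQLite table, next to the string-interpolated form, so the difference in how the database sees the input is visible. It assumes DBD::SQLite is installed; the table, rows and the input string are all constructed for the illustration.

```perl
use strict;
use warnings;
use DBI;

# Constructed example: in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");
$dbh->do("INSERT INTO users (name, role) VALUES (?, ?)", undef, "alice", "user");
$dbh->do("INSERT INTO users (name, role) VALUES (?, ?)", undef, "bob",   "user");

# Constructed untrusted input containing a quote and an OR clause.
my $input = "alice' OR '1'='1";

# Interpolated form: the input becomes part of the statement text, so the
# database parses the quote and the OR as SQL and every row matches.
my $unsafe_sql  = "UPDATE users SET role='admin' WHERE name='$input'";
my $unsafe_rows = $dbh->do($unsafe_sql);
print "interpolated statement affected $unsafe_rows row(s)\n";

# Reset the roles before the second attempt.
$dbh->do("UPDATE users SET role='user'");

# Placeholder form: undef stands in for the optional \%attr argument, then the
# bind values. The driver passes $input as a single value, so the quote and
# the OR are compared as characters of a name and no row matches.
# (do() returns "0E0" for zero affected rows: true, but numerically zero.)
my $safe_rows = $dbh->do("UPDATE users SET role=? WHERE name=?",
                         undef, "admin", $input);
print "placeholder statement affected $safe_rows row(s)\n";

# When the same statement runs repeatedly, prepare once and execute per value;
# the placeholders bind the same way as with do().
my $sth = $dbh->prepare("UPDATE users SET role=? WHERE name=?");
$sth->execute("admin", $_) for qw(alice bob);
my ($admins) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM users WHERE role=?", undef, "admin");
print "admins after prepare/execute loop: $admins\n";

$dbh->disconnect;
```

Run it with `perl script.pl`; the row counts printed for the two UPDATE forms show that only the interpolated version let the input change which rows were touched.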