my $sth = $dbh->prepare("select * from foo where bar = ?");   # "?" is a placeholder: the SQL text never contains the user's value
$sth->execute($userinput);                                    # the driver binds $userinput as data, so it is never parsed as SQL
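The placeholder line above is the safe form; to make clear what it prevents, here is an added, self-contained example (not code from the original page) that runs the same lookup twice against an in-memory SQLite database, once with the input interpolated into the SQL text and once bound through a placeholder. It assumes DBD::SQLite is installed; the table `foo`, its columns, the rows and the attacker input are all constructed here for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. The schema and rows below are constructed
# for this demonstration only; the real "foo" table on the original page is unknown.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT, secret TEXT)");
$dbh->do("INSERT INTO foo (bar, secret) VALUES (?, ?)", undef, "alice", "alice-token");
$dbh->do("INSERT INTO foo (bar, secret) VALUES (?, ?)", undef, "bob",   "bob-token");

# Constructed attacker input: the single quote closes the string literal and the
# rest becomes part of the WHERE clause when the value is pasted into the SQL text.
my $userinput = "x' OR '1'='1";

# Vulnerable form: string interpolation. The quote characters in $input are read
# by the SQL parser as syntax, so the attacker controls the shape of the query.
sub lookup_interpolated {
    my ($dbh, $input) = @_;
    my $sth = $dbh->prepare("select * from foo where bar = '$input'");
    $sth->execute();
    return $sth->fetchall_arrayref({});
}

# Safe form: the query text is fixed at prepare() time and $input is handed to
# execute() as a bound value, so it is compared as data and never parsed as SQL.
sub lookup_placeholder {
    my ($dbh, $input) = @_;
    my $sth = $dbh->prepare("select * from foo where bar = ?");
    $sth->execute($input);
    return $sth->fetchall_arrayref({});
}

my $leaked = lookup_interpolated($dbh, $userinput);
my $safe   = lookup_placeholder($dbh, $userinput);
printf "interpolated: %d row(s) matched\n", scalar @$leaked;
printf "placeholder:  %d row(s) matched\n", scalar @$safe;
for my $row (@$leaked) {
    printf "  leaked via interpolation: bar=%s secret=%s\n", $row->{bar}, $row->{secret};
}
```

Two caveats worth keeping in mind. Placeholders only protect values: table and column names, ORDER BY targets and the overall query structure cannot be bound, so anything of that kind taken from user input still has to be validated against an allow-list. And some DBD drivers emulate placeholders client-side by quoting the value before sending the statement rather than binding it on the server; that is still safe against injection as long as you go through `prepare`/`execute` with `?` rather than building the string yourself.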