my $sth = $dbh->prepare("
  SELECT * FROM foo WHERE bar=$qstring1 AND baz=$qstring2
"); 
$sth->execute();

##</code><code>##

my $sth = $dbh->prepare("
  SELECT * FROM foo WHERE bar=? AND baz=?
"); 
$sth->execute($string1, $string2);