my $sql = "SELECT * FROM news WHERE name = ?";
my $sth = $dbh->prepare($sql) || die "$DBI::errstr";
$sth->execute($news) || die "$DBI::errstr";