CGI perl , /:
-, where
1 = 1, "" :
# Build the WHERE clause. It starts from the always-true predicate "1 = 1"
# so that every optional filter can be appended uniformly as " and ...".
# A value of "*" means "no filter on this column".
#
# NOTE(review): each value is concatenated into a single-quoted SQL literal
# after passing through safeSQL(). As shown on this page, safeSQL() only
# rewrites a list of SQL keywords and returns quote characters unchanged, so
# it does not make this concatenation safe for request-supplied values.
# If the statement is executed through DBI, prefer "op1 = ?" placeholders
# with the values passed to execute() -- TODO confirm how $whereClause is
# consumed before changing it.
my $whereClause = "where\n1 = 1\n";

for my $filter ( [ 'op1', $op1 ], [ 'op2', $op2 ], [ 'op3', $op3 ] )
{
    my ( $column, $value ) = @{$filter};

    # "*" is the wildcard: leave this column unconstrained.
    next if $value eq "*";

    $whereClause .= " and $column = '" . safeSQL($value) . "'\n";
}
SQL-, , , - "? op1 = ( sql)" URL-, :
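# safeSQL( $inText [, $commandList] )
#
# Replaces every listed SQL keyword found in $inText with the marker
# "** no_<keyword>_allowed! **" and returns the resulting string.
#
#   $inText      - text to filter; undef is returned unchanged.
#   $commandList - optional comma-separated keyword list; defaults to
#                  "create,delete,select,update,dele,drop,exec,insert".
#
# Keywords are matched case-insensitively as whole words, wherever they
# appear (start or end of the string, next to tabs, newlines or
# punctuation, or directly after another keyword). The earlier pattern
# required a literal space on both sides, so those cases were not filtered.
#
# SECURITY NOTE: this is a keyword denylist, not an SQL-injection defence.
# Quote characters and all other SQL syntax are returned unchanged, so the
# result must not be relied on when it is concatenated into a quoted SQL
# literal. Pass request-supplied values as bound parameters instead (with
# DBI: "?" placeholders plus execute(@values)), or quote them with the
# database handle's own quote() method.
sub safeSQL
{
    my ( $inText, $commandList ) = @_;

    # Nothing to filter; also avoids "uninitialized value" warnings.
    return $inText if !defined $inText;

    if ( !defined $commandList )
    {
        $commandList = "create,delete,select,update,dele,drop,exec,insert";
    }

    foreach my $cmd ( split /,/, $commandList )
    {
        # An empty entry (e.g. "a,,b") would match at almost every position.
        next if $cmd eq '';

        # \Q...\E keeps list entries literal instead of treating them as
        # regex syntax; the look-arounds demand a word edge on each side
        # without consuming the neighbouring character, so adjacent
        # keywords are each replaced.
        $inText =~ s/(?<!\w)\Q$cmd\E(?!\w)/** no_${cmd}_allowed! **/gi;
    }

    return $inText;
}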