my $srchString = $cgi-param( ... );
$srchString =~ s/\&#(\d+);/chr($1)/ge;  # convert numeric entities to characters

$srchString .= '%' unless $srchString =~ /%$/;  # add a wildcard for the search

my $sth = $dbh->prepare( "select item_name,blah from table1 where item_name like ?"
$sth->execute( $srchString );
my $rows = $sth->fetchall_arrayref;

for my $row ( @$rows ) {
    my ( $item, $blah ) = @$row;
    $item = decode( 'utf8', $item );  # make sure perl knows this is utf8 data
    # ... do other stuff...
}