One solution is to strip out all characters in the user-supplied data that aren't explicitly allowed and then generate your regex based off of that.
Update -- Try this sample code:
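#!/usr/bin/perl
use warnings;
use strict;

my $query = shift;
die "usage: $0 query-string\n"
    unless defined $query and length $query;

print "Original query: '$query'\n";

# Allowlist: drop everything except word characters and '*'.
$query =~ s/[^\w\*]//g;
die "query has no allowed characters left\n"
    if $query eq '';
print "Safe query: '$query'\n";

# Translate the '*' wildcard into the regex \w*.
$query =~ s/\*/\\w\*/g;
print "Parsed query: '$query'\n";

# Unanchored, case-insensitive match against each sample line.
while (<DATA>) {
    print "match: $_"
        if /$query/i;
}

__DATA__
invitation
information
Isolation
InFlaTiOn
IATION
In our nation
it requires concentration
at ionizing radiation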
Note that "at ionizing radiation" matches because the iation in radiation matches. Did you just miss that, or should it not match?
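A variant of the same allowlist approach, as an added example that is not part of the original post: the hypothetical `build_pattern()` helper also collapses repeated `*` (stacked `\w*` terms can backtrack heavily on long input), rejects queries with no word characters left after sanitizing, and optionally anchors at word boundaries. The sample lines and queries are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: build_pattern() and its $anchor flag are illustrative names.
sub build_pattern {
    my ($raw, $anchor) = @_;
    return unless defined $raw;

    (my $safe = $raw) =~ s/[^\w*]//g;   # allowlist: word characters and '*'
    $safe =~ s/\*{2,}/*/g;              # "a***b" -> "a*b": no stacked \w* terms
    return unless $safe =~ /\w/;        # reject empty or wildcard-only queries

    # Escape each literal piece, then join the pieces with \w* for every '*'.
    my $body = join '\w*', map { quotemeta($_) } split /\*/, $safe, -1;

    # Compile once; with $anchor the match must span a whole word.
    return $anchor ? qr/\b$body\b/i : qr/$body/i;
}

# Constructed sample input, borrowed from the kind of lines used above.
my @lines = ('invitation', 'IATION', 'In our nation', 'at ionizing radiation');

# Constructed queries: plain wildcard, repeated wildcard,
# regex metacharacters that get stripped, and a wildcard-only query.
for my $query ('i*ation', 'i***ation', 'i.*(ation)', '***') {
    my $loose = build_pattern($query);
    unless ($loose) {
        print "rejected: '$query'\n";
        next;
    }
    my $strict = build_pattern($query, 1);

    print "query '$query' -> $loose | $strict\n";
    for my $line (@lines) {
        printf "  %-24s unanchored=%-3s word-anchored=%s\n", "'$line'",
            ($line =~ $loose  ? 'yes' : 'no'),
            ($line =~ $strict ? 'yes' : 'no');
    }
}
```

With the word-boundary option, "at ionizing radiation" no longer matches, because the `iation` sits inside `radiation` rather than starting a word.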