"...read in a file that contains text and some perl variables."
Just don't do that. :-) Use a template system e.g. HTML::Template
*. That is, imo, the best way to go for that part of your problem.
But it still leaves you with the next problem you'll have and which experienced monks are warning you about: quoting SQL properly. For that, placeholders are the way to go.
* Don't worry about the HTML part of the name, it is, again imo, a handy templating system. Of course there are many others. It is just one that I am very familiar with.