Placeholders are the only way to deal with this matter, to avoid the Bobby Tables problem.   (The cartoon on the front page of the site at this link says it all.)

What if the value that made it into $count ... by whatever means ... consisted of:   “23); DROP TABLE arabic_corpus;”??   If your application connects to the database with a user-id powerful enough to issue a DROP TABLE statement and have it “stick,” your table is now gone.   (And unfortunately, many applications built by lazy programmers simply connect with a single user-id that is all-powerful.)   SQL injection ...

And by the way, another good reason is efficiency.   prepare() a statement-handle once, for a statement that includes placeholders.   Then, repeatedly execute the prepared statement, changing the placeholder values as often as necessary.   The overhead of preparing the statement (such as it is ...) occurs only one time.   And, if you put those inserts into a transaction of reasonable size (when using certain kinds of databases), now you would really see some improved speed.

Just modify your $insert_query first, to escape all occurrences of apostrophe "'":

    $insert_query =~ s/'/\\'/g;
[download]

This changes each "'" into "\'" (you have to escape the backslash "\" in the regular expression, which why there are two).

Update:   I agree with runrig that $dbh->quote is preferrable (as is using placeholders). On second look my way wouldn't quite work anyway, since you've got apostrophes within the string, though you could still get away with the regex if it didn't contain apostrophes to begin with; eg.:

    insert_query = qq{INSERT INTO arabic_corpus (crps_word, crps_count
+) VALUES ("$word", "$count")};
    $insert_query =~ s/'/\\'/g;
[download]

$insert_query =~ s/'/\\'/g;
[download]

No, the right way would be to use the $dbh->quote() method, or even better, to use placeholders as suggested below.

Thank you ! Placeholder works well