in reply to Inserting into SQL
Even though you are using placeholders, it's still a good idea to use a regexp to remove anything you don't want.
$var1 =~ s/[^A-Za-z0-9, \.]//g;   # keep only letters, digits, comma, space, full stop (A-Za-z, not A-z: the A-z range also spans [ \ ] ^ _ `)
works for me, but a) the little regexp can probably be better written and b) only allows set characters (upper and lower case letters, numbers, commas, spaces and full stops). Just an added layer of security.
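An added example, not from the post, written in Python rather than Perl so it can be run against a placeholder-based insert: it lists which characters the original A-z range admits beyond the letters the post intends, applies the corrected allow-list, and shows that the ? placeholder stores the value as data whether or not the filter ran first. The table, column and sample name are constructed for the example.

```python
import re
import sqlite3

# Allow-list the post describes: letters, digits, comma, space, full stop.
# "A-z" runs from 'A' (0x41) to 'z' (0x7A), so it also admits [ \ ] ^ _ `
BUGGY_DISALLOWED = re.compile(r"[^A-z0-9, .]")
FIXED_DISALLOWED = re.compile(r"[^A-Za-z0-9, .]")


def strip_disallowed(value: str, pattern=FIXED_DISALLOWED) -> str:
    """Remove every character outside the allow-list (same effect as the Perl s///g)."""
    return pattern.sub("", value)


def range_leak() -> str:
    """Printable ASCII characters the A-z version keeps but the A-Za-z version strips."""
    printable = "".join(chr(c) for c in range(0x20, 0x7F))
    return "".join(ch for ch in printable
                   if not BUGGY_DISALLOWED.search(ch) and FIXED_DISALLOWED.search(ch))


def insert_name(conn, name: str, filter_first: bool) -> str:
    """Insert via a placeholder; the filter only narrows what reaches the database,
    the placeholder is what keeps the value data rather than SQL. Returns the stored text."""
    value = strip_disallowed(name) if filter_first else name
    conn.execute("INSERT INTO people (name) VALUES (?)", (value,))   # constructed table
    return value


def demo() -> list:
    """Same constructed name stored twice: filtered, then raw through the placeholder."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    insert_name(conn, "O'Brien, Jr.", filter_first=True)    # apostrophe stripped
    insert_name(conn, "O'Brien, Jr.", filter_first=False)   # apostrophe kept, still data
    return [row[0] for row in conn.execute("SELECT name FROM people ORDER BY rowid")]


if __name__ == "__main__":
    print(repr(range_leak()))   # '[\\]^_`'
    print(demo())               # ['OBrien, Jr.', "O'Brien, Jr."]
```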