http://www.perlmonks.org?node_id=1071398


in reply to Re^2: Escaping %params
in thread Escaping %params

Not to sound like a grumpy old man, but "gets us by" is exactly how insecure systems are created and forgotten. If your goal as stated is to 'prevent SQL injection' then there is only one answer: use place holders.