I had to robustify a database layer that was talking to a DB that couldn't store a range of characters including single quote and other punctuation. Also some of the calling code, which I wasn't able to touch, would fail to escape quote characters properly.
Code snippets:

sub fix_dodgy_chars
{
   my $s = shift;
   $s = '' unless defined $s;
   $s =~ s/[:;<>\[\]`{|}\000-\037£]/ /g; # replace dodgy chars with sp
+ace
   $s =~ s/\'/\_/; # single quote translated to underscore
   $s;
}

sub Prepare
{
...
# map non-escaped embedded single or double quotes to underscore where
+ neither at end of line
# nor followed by semicolon, comma, whitespace or rightbracket
$sqlstring =~ s/([^\\\s\,\(])([\'\"])(?!($|[\;\,\s\)]))/$1_/g;
# then examine quoted strings and replace characters that sql cannot h
+andle, currently
#   : ; < > [ ] ` { | } &
$sqlstring =~ s/\"([^\"]*)\"/'"'.fix_dodgy_chars($1).'"'/ge;}
...
}
[download]

--
peterdragon