http://www.perlmonks.org?node_id=704753


in reply to Securing HTML query strings

If I understand correctly, your concern is with validating info before going to the database, even though there might be some other validations (business rules?) that you are considering. If that is the case, as with the ' character, you could consider using placeholders in your queries.
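The placeholder approach suggested above, as an added example that is not part of the original reply. It assumes Perl DBI with DBD::SQLite, a hypothetical `customers` table, and a constructed surname containing the ' character.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database stands in for the real one.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE customers (id INTEGER PRIMARY KEY, surname TEXT)');

# Constructed sample value, as it might arrive from a query string.
my $surname = "O'Brien";

# Hypothetical business rule, checked separately from the SQL handling:
# a surname is 1 to 64 characters long.
die "surname fails validation\n"
    unless length($surname) >= 1 && length($surname) <= 64;

# Before: the value is interpolated into the SQL text, so the ' inside it
# ends the string literal early and the statement no longer parses.
my $ok = eval {
    $dbh->do("INSERT INTO customers (surname) VALUES ('$surname')");
    1;
};
print "interpolated INSERT failed: $@" unless $ok;

# After: the SQL text contains only a ? marker; the value is passed to
# execute() and bound by the driver, so it is never parsed as SQL.
my $ins = $dbh->prepare('INSERT INTO customers (surname) VALUES (?)');
$ins->execute($surname);

# The same applies to lookups: bind values go after the attribute hash
# argument (undef here) of selectrow_array().
my ($count) = $dbh->selectrow_array(
    'SELECT COUNT(*) FROM customers WHERE surname = ?', undef, $surname);
print "rows stored for $surname: $count\n";

$dbh->disconnect;
```

Placeholders can stand in only for values, not for table or column names, so any identifier taken from input still has to be checked against a fixed list.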