# Escape "wildcard" characters in user input:
    my $pattern= quotemeta($string_from_user);
    # Escape things processed by 'single quote' parsing:
    $pattern =~ s#([\\'])#\\$1#g;
    "... LIKE '%$pattern%' ..."