$dbh->quote($some_string);
my $sql = "update some_table where some_attr = '$some_string'";