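my $input = param('input');    # or however you're getting it
chomp $input;
# any other processing to deal with unwanted characters goes here

# SQL LIKE wildcards are '%' (any run of characters) and '_' (exactly one);
# '*' is just a literal, so "$input*" would only match values ending in '*'.
# Because the user can also type '%' or '_', escape those (and the escape
# character itself) so they match literally; the ESCAPE clause is portable
# across databases, unlike relying on a default backslash escape.
(my $pattern = $input) =~ s/([!%_])/!$1/g;

# The placeholder keeps the value out of the SQL text; only the pattern is
# bound, never interpolated into the statement string.
my $sth = $dbh->prepare(
    "SELECT someFields FROM mytable WHERE myqualifier LIKE ? ESCAPE '!'"
) or die "prepare failed: " . $dbh->errstr;

# Append the real prefix wildcard after escaping, so it is the only one.
$sth->execute("$pattern%") or die "execute failed: " . $sth->errstr;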