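use strict;
use warnings;
use utf8;    # $evil_string below contains a non-ASCII character (°)
use DBI;

# Demonstrates how untrusted input reaches SQL safely: it is bound to a `?`
# placeholder at execute() time rather than spliced into the statement text.

# PLACEHOLDER connection details: replace before running, and keep the real
# credentials out of the source.  RaiseError => 1 makes prepare()/execute()
# die on failure instead of returning undef that the next line would ignore.
my $dbh = DBI->connect(
    'dbi:PLACEHOLDER_DRIVER:PLACEHOLDER_DSN',
    'PLACEHOLDER_USER',
    'PLACEHOLDER_PASSWORD',
    { RaiseError => 1, PrintError => 0 },
);

# WRONG -- kept for comparison only (and commented out so $insert is declared
# exactly once; a second `my $insert` would trigger a "masks earlier
# declaration" warning):
#   my $insert = $dbh->prepare("INSERT INTO my_table VALUES(my_column)");

# Thanks Narveson!  The column list is fixed in the SQL text and the value
# arrives through the `?` placeholder, so it is never parsed as SQL.
my $insert = $dbh->prepare("INSERT INTO my_table (my_column) VALUES( ? )");

# Quotes, a pipe, a semicolon, a comment marker and even a literal `?` are
# plain data here: the string is bound as a parameter, not interpolated.
my $evil_string = q{"'|?°*;--};
$insert->execute($evil_string);    # no problem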