use CGI;
my $q = CGI->new();

my $string = "What a lovely function!";
$string = $q->escape($string);

# or using the procedural interface...

use CGI qw(:param);

my $string = "What a lovely function!";
$string = CGI::escape($string);