# this works, but don't do it... The "correct" way is bind-vars
$value = $dbh->quote("sneaky text with posessives' in it");  $sql = "update set column = $value";

##</code><code>##

# Do this every time:
my $sth = $dbh->prepare("update table set column=?") or die $dbh->errstr;
   $sth->execute("sneaky text with posessives' in it") or die $dbh->errstr;