DBI comes with something to helps you with making sure that you code is clean wrt sql injection attacks. When you connect to the database you can add a  TaintIN => 1 to the dbi connection attribute hash. Then if you run your code in taint mode, DBI will barf when you try to use a tainted value.