in reply to Escaping %params

Use the quote method of your database handle:

my $escapeId = $dbh->quote( $params{id} );
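
The call above placed in a query, as an added example that is not part of the original reply: it runs the same constructed id values through raw interpolation, `$dbh->quote`, and a bound placeholder. It assumes DBD::SQLite is installed; the table, rows and parameter values are made up for the illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. The in-memory database, table and
# rows below are constructed for this example.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)');
$dbh->do( 'INSERT INTO items (id, name) VALUES (?, ?)', undef, @$_ )
    for [ '1', 'alpha' ], [ '2', 'beta' ], [ "o'neil", 'gamma' ];

# Constructed request parameters; the last two contain quote characters.
for my $id ( '1', "o'neil", "x' OR '1'='1" ) {
    my %params = ( id => $id );

    # Raw interpolation: quote characters in the value become SQL syntax,
    # so the statement either fails to parse or changes meaning.
    my $raw = eval {
        $dbh->selectall_arrayref(
            "SELECT name FROM items WHERE id = '$params{id}'");
    };
    my $raw_result = $raw ? scalar(@$raw) . ' row(s)' : 'SQL error';

    # quote() returns the value as one complete string literal, delimiters
    # included, so it is interpolated without adding quotes around it.
    my $escapeId = $dbh->quote( $params{id} );
    my $quoted   = $dbh->selectall_arrayref(
        "SELECT name FROM items WHERE id = $escapeId");

    # Placeholder: the value is bound and never becomes part of the SQL text.
    my $bound = $dbh->selectall_arrayref(
        'SELECT name FROM items WHERE id = ?', undef, $params{id} );

    printf "%-14s literal=%-20s raw=%-10s quoted=%d bound=%d\n",
        $id, $escapeId, $raw_result, scalar @$quoted, scalar @$bound;
}
$dbh->disconnect;
```

The quoted and bound columns always agree, because both treat the whole parameter as a single value; only the raw column changes with the quote characters in the input.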