in reply to Re: Re: DBI, quoting and like - SQLite
in thread DBI, quoting and like - SQLite
This is problematic on two counts:
First, DBI/DBD will quote for you automatically if you use query parameters and pass the value to execute(). This is the preferred way to go.
Second, if you really must quote manually, you're generally better using $dbh->quote, which is driver-specific. (You'll get the driver-specific quote() when you use parameter binding.) The form you're using is generic. It basically does

    $str =~ s/'/''/g; # ISO SQL2
    return "'$str'";

Note the extra enclosing quotes. Given the way you're building your query, this isn't what you want.
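The two approaches from the reply above, applied to a LIKE search, as an added example that is not part of the original post. The table, data and search term are constructed, DBD::SQLite is assumed to be installed, and the "broken" query is an assumed illustration of wrapping an already-quoted value in more quotes, not the original poster's code.

```perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (needs DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE people (name TEXT)');
$dbh->do('INSERT INTO people (name) VALUES (?)', undef, $_)
    for "O'Brien", "O'Neil", 'Smith';

my $term = "O'B";    # constructed search text containing a single quote

# Preferred: the placeholder carries the whole pattern, wildcards included,
# and the driver handles the quoting.
my $bound = $dbh->selectcol_arrayref(
    'SELECT name FROM people WHERE name LIKE ?', undef, "%$term%");
print "bound:   @$bound\n";

# Manual quoting: quote() returns a complete SQL literal, enclosing quotes
# included, so the wildcards must be added before quoting, not around it.
my $literal = $dbh->quote("%$term%");
print "literal: $literal\n";
my $manual = $dbh->selectcol_arrayref(
    "SELECT name FROM people WHERE name LIKE $literal");
print "manual:  @$manual\n";

# Assumed failure mode: the quoted value is wrapped in a second set of quotes,
# which ends the string literal early and leaves invalid SQL.
my $broken = "SELECT name FROM people WHERE name LIKE '%"
           . $dbh->quote($term) . "%'";
print "broken:  $broken\n";
my $ok = eval { $dbh->selectcol_arrayref($broken); 1 };
print "broken query failed: $@" unless $ok;
```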