Hmm.. For substitutions, I usually do this:

my $query = "exec OSP_FOO_BAR(?, ?, ?)";
my $sth = $dbh->prepare($query);

$sth->execute($xvar, $yvar, $zvar);
[download]

This should make sure that the variables are insert with correct escape codes. Perhaps this will be enough?

Namaste

C.J.