Don't forget that password() is a mysql function, so the following is valid usage:

my $sql = "select password('$clearpass')";
[download]

Nothing wrong, indeed the single quotes are needed.

update: OP mentions $pass=password('$clearpass'), which might be taken out of an insert:

my $sql = "insert into tab set $pass=password('$clearpass')";
[download]