As the 2 posters above mentioned, use placeholders, and
also the $dbh->quote($string) method.
Most likely your errors, are related to data not being correctly escaped before being fed to the database.
This can also be a major security hole... for example...
$dbh->do("DELETE FROM table WHERE foo='$bar'");
Seems ok, until someone does something like this:
$bar = "x' OR ''='";