Fast and dirty solution:

It probably wouldn't be that hard to programatically extract the SQL bits from a DBI->trace dump, so he doesn't have to find the needle amid the haystack. Below is an excerpt from a DBI->trace(1, $tracefile) dump I did the other day from Class::DBI code:

    <- connect= DBIx::ContextualFetch::db=HASH(0x573ae0)
 T  <- STORE('dbi_connect_closure' CODE(0x573b88))= 1 at DBI.pm line 6
+62
 T  <- prepare_cached('SELECT id, location, membership_level, im_servi
+ce, last_name, password, im_handle, url, registration_date, profile_u
+pdated, priv_email, email, email_bouncing_p, first_names
FROM   dashboard_user
WHERE  id = ?
')= ( DBIx::ContextualFetch::st=HASH(0x5674a4) ) [1 items] at DBI.pm l
+ine 391
 T  <- FETCH('Active')= '' at DBI.pm line 1124
 T  <- FETCH('Taint')= 1 at ContextualFetch.pm line 49
    <- STORE('Taint' 0)= 1 at ContextualFetch.pm line 50
    <- execute(1)= 1 at ContextualFetch.pm line 51
 T  <- STORE('Taint' 1)= 1 at ContextualFetch.pm line 52
[download]

Depending on the specifics of your configuration, you might be able to get away with looping through the tracefile with a regex like (untested):

/^ T  <- prepare(_cached)?\('(.+?)'\)= \( DBIx::ContextualFetch::st=HASH\(/

... where the SQL would be stored in $2.

(Incidentally, it looks like my tainting is being turned off on every execute! I had never noticed that before ...)