If you don't want to use a placeholder then there is another option (from the CPAN DBD::mysql driver documentation):

  # INSERT some data into 'foo'.
  # We are using $dbh->quote() for
  # quoting the name.
  $dbh->do("INSERT INTO foo VALUES (1, " 
           . $dbh->quote("Tim") 
           . ")");
[download]

The quote function will put apostrophes around your quoted text, and escape any nasty characters.