As already mentioned, you absolutely want to use DBI and placeholders, but thought I'd mention just for general SQL knowledge that you can escape single quotes. Both of these are valid statements:
$dbh->do("INSERT INTO body (Body) Values ('Here''s a quote')");
my $rows = $dbh->selectall_arrayref("select * from body b where b.Body like '%''%'");
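An added example, not part of the original post: the doubled-quote literal from the post run beside the equivalent placeholder query, so the two can be compared on the same data. It assumes DBD::SQLite is installed and uses an in-memory database; the sample rows are constructed, and the table and column names follow the post.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database stands in
# for the real one. Table and column names are taken from the post.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE body (Body TEXT)");

# Constructed sample values; two of them contain single quotes.
my @samples = ("Here's a quote", "no quote here", "O'Brien said 'hi'");

# Placeholder form: each value is passed to the driver as data, so the
# quotes need no escaping and cannot end the SQL string early.
my $ins = $dbh->prepare("INSERT INTO body (Body) VALUES (?)");
$ins->execute($_) for @samples;

# Hand-escaped literal, as in the post: '' inside a literal is one quote.
my $literal = $dbh->selectall_arrayref(
    "SELECT Body FROM body b WHERE b.Body LIKE '%''%'");

# The same search with the pattern bound as a parameter instead.
my $bound = $dbh->selectall_arrayref(
    "SELECT Body FROM body b WHERE b.Body LIKE ?", undef, "%'%");

# When a literal really is unavoidable, let the driver do the escaping.
print "driver-quoted literal: ", $dbh->quote("Here's a quote"), "\n";

printf "literal query: %d row(s), bound query: %d row(s)\n",
    scalar @$literal, scalar @$bound;
print "  $_->[0]\n" for @$bound;

$dbh->disconnect;
```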