This seems to come up from time to time. My suggestion remains this piece of code which avoids the eval security concerns that ikegami brings up by avoiding the extra level of eval. If you took that sub, you would call it like this:

  $string = substitute($string, '([^,]*,)([^,]*,)([^,]*,)([^,]*,)', $s
+tr_regexp);
[download]

However, since this is a comma-separated-value (CSV) file, where you are actually exchanging a given value in the line, I'd definitely second the suggestion to use Text::CSV or Text::xSV or Text::xSV_XS or even DBD::CSV. Then there's no regular expression - you just set $row[3] = $new_db and you're done.