And what about something similar to

my @pieces = ('<STN>PIKE RD & BUCK RD</STN>',
              "''' &amp;",
              'another mess');
my $sql = 'insert into mytable (location_desc) values (?);';
my $sth = $dbh->prepare($sql);
foreach (@pieces) {
  $sth->execute($_);
}
[download]

I am not absolutely sure that Oracle DBD can bind variables, but if it can, you, imho, don't have to escape nothing...

I wrote the code by hand, errors can happen :)