Congratulations, you appear to be preventing sql injection, but your program flow is buried -- a function called Do_SQL usually has no business calling exit Try something like this

Main(@ARGS);
exit(0);
sub Main {
   my $query = CGI->new;
   my $ret = eval { DoSql($query); };
   if( $@ ){
      print_error_response();
   } else {
      print_results($ret, $query);
   }
}
[download]

See CGI::Application/Catalyst/CGI::Prototype for different ways of simplifying this separation of concerns