quotemeta is close but not a perfect fit. It will escape (with a backslash) any non-alphanumeric which includes ALL punctuation and even spaces.

In most dialects of SQL, quotes are escaped by doubling them:

he said, "I'LL be back"
[download]

Would need to become:

'he said, "I''LL be back"'
[download]

Using the example given by the questioner. There's no need to escape other punctuation or spaces. And I said most, because the quoting given by DBI::quote() will match that required by the database transparently.

Update OK, alfie so you updated your reply while I was writing that. And ++ for the bit about asking for an e-mail.

-- iakobski