Use the 'place holder' variation. It's well described in the docs for DBI.

my $sql = "insert into my_table " .
          "(COMMENT) " .
          "values (?)";

my $sth = $dbh->prepare($sql);
my $rc = $sth->execute($comment);
[download]

/\/\averick
perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"