Well, the 1st way around it that I can think of would be to drop Win32::ODBC (unless you REALLY need it) and switch to DBD::ODBC! Not only will you be joining the "standard" in Perl database programming, but you'll be able to port your code with minor modifications (not to say none) to other database systems. Here's a sample of how you would do it:
    # 1st prepare the SQL with placeholders
    $sth = $dbh->prepare(qq{
        INSERT INTO Comment (
            Field1, Field2
        ) VALUES (
            ?,?
        )
    }) or die("Failed to prepare ".$DBI::errstr);

    # now execute what you've prepared with the variables
    $rv = $sth->execute($val1,$val2)
        or die("Failed to execute ".$DBI::errstr);
(btrott wrote a complete select example back in March that also addresses placeholders)
Get the general drift? It gets better... Now you're using ODBC, and I'd guess that you're running Access or MS-SQL, right? If you switch to DBI, you'll be able to connect directly to Oracle, Informix, MySQL and others without the need for ODBC standing as a middle man. Seriously, look into DBI/DBDs, you won't regret it!
#!/home/bbq/bin/perl
# Trust no1!
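
An added example, not part of the original post: the same placeholder insert next to a string-interpolated one, run against values that contain quote characters. It assumes DBD::SQLite with an in-memory database in place of DBD::ODBC so it runs without a DSN; the column types and the sample values are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite (in-memory) stands in for DBD::ODBC so this runs
# without a DSN; prepare/execute are called the same way under any DBD driver.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Table and column names follow the post; the column types are assumed.
$dbh->do("CREATE TABLE Comment (Field1 TEXT, Field2 TEXT)");

# Constructed sample input: ordinary text that contains SQL quote characters.
my @rows = (
    [ "O'Brien", "it's fine" ],
    [ "a', 'b",  "100% -- really" ],
);

# Before: values interpolated into the statement text. The apostrophe ends
# the string literal early, so the statement no longer parses as intended.
my ($val1, $val2) = @{ $rows[0] };
my $ok = eval {
    $dbh->do("INSERT INTO Comment (Field1, Field2) VALUES ('$val1', '$val2')");
    1;
};
print "interpolated insert failed: $@" unless $ok;

# After: placeholders. Each value is bound as data and never parsed as SQL.
my $sth = $dbh->prepare("INSERT INTO Comment (Field1, Field2) VALUES (?, ?)");
$sth->execute(@$_) for @rows;

# Read back to confirm every value was stored exactly as supplied.
my $stored = $dbh->selectall_arrayref(
    "SELECT Field1, Field2 FROM Comment ORDER BY rowid");
for my $i (0 .. $#rows) {
    my $same = $stored->[$i][0] eq $rows[$i][0]
            && $stored->[$i][1] eq $rows[$i][1];
    printf "row %d stored intact: %s\n", $i + 1, $same ? "yes" : "no";
}

$dbh->disconnect;
```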