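# fix_dodgy_chars($s)
#
# Returns a copy of $s in which
#   - each of  : ; < > [ ] ` { | }  the control characters \000-\037 and the
#     pound sign is replaced with a space, and
#   - every single quote is replaced with an underscore.
# An undefined argument is treated as the empty string.
#
# NOTE(review): how the pound sign in the character class is matched depends
# on the encoding of this source file and of the input (bytes vs. decoded
# characters) -- confirm.
sub fix_dodgy_chars {
    my $s = shift;
    $s = '' unless defined $s;

    # replace dodgy chars with space
    $s =~ s/[:;<>\[\]`{|}\000-\037£]/ /g;

    # single quote translated to underscore; /g because a value can hold
    # more than one quote and none of them may survive into the SQL text
    $s =~ s/\'/\_/g;

    return $s;
}

sub Prepare {
    # ... (earlier part of Prepare elided in the original listing)

    # Map embedded single or double quotes to underscore. A quote counts as
    # embedded when it is preceded by a character other than backslash,
    # whitespace, comma or '(' and is not followed by end of string,
    # semicolon, comma, whitespace or ')'.
    $sqlstring =~ s/([^\\\s\,\(])([\'\"])(?!($|[\;\,\s\)]))/$1_/g;

    # Then pass the contents of every double-quoted string through
    # fix_dodgy_chars to replace characters that sql cannot handle.
    # NOTE(review): the original comment listed '&' among those characters,
    # but the character class in fix_dodgy_chars does not contain it --
    # confirm which is intended.
    #
    # NOTE(review): this is character filtering, not parameter binding.
    # Backslash-preceded quotes and quotes outside double-quoted strings are
    # left in place by these two steps. If any part of $sqlstring can come
    # from untrusted input, pass the values as bound parameters (for example
    # DBI placeholders) rather than relying on this rewrite.
    $sqlstring =~ s/\"([^\"]*)\"/'"'.fix_dodgy_chars($1).'"'/ge;

    # } ...   <- the listing shows one more closing brace followed by further
    #            elided code here; its opening brace is in the part of
    #            Prepare that was left out of the excerpt
}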