zak100 has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I have written following perl code:
#!C:/Perl64/bin/perl.exe use DBI; use CGI; $cgi = new CGI; ##Create table using cgi $dbh = DBI->connect("dbi:mysql:TestDB", 'root','zulfi12345') or die "U +nable to connect: $DBI::errstr\n"; $username = $cgi->param( 'username' ) || ''; $password = $cgi->param ('password') || ''; $submit = $cgi->param( 'submit' ) || ''; $sth = $dbh->prepare("SELECT username, password FROM users WHERE usern +ame =$username and password=$password"); $sth->execute(); $found=0; while($row = $sth->fetchrow_hashref) { $found=1; } if ($found==1){ print "Welcome";}
Its giving me following error: Quote D:\Zulfi\PERL MAIN FOLDER>perl DBD::mysql::st execute failed: You have an error in your SQL syntax; check the m anual that corresponds to your MySQL server version for the right syntax to use near 'and password=' at line 1 at line 15. DBD::mysql::st fetchrow_hashref failed: fetch() without execute() at li ne 17. /QUOTE Somebody plz help me in this regard. Zulfi.