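# UNSAFE (the code under discussion): a 2-arg open builds one string from
# $user, $pass, $db and $file and hands it to the shell, so any shell
# metacharacter in those values is interpreted as shell syntax. Two more
# problems with this exact line: the string does not *end* in "|", so Perl
# treats it as a filename to read rather than a pipe, and "return" is only
# valid inside a subroutine. Passing -p$pass on the command line also makes
# the password visible to other local users in the process table.
open(HAND, "mysql -u $user -p$pass $db < $file | 2>&1") or return "failed: $!";

####

# UNSAFE: same pattern reduced to the essentials.
my $user = <STDIN>;
chomp $user;
open(HAND, "mysql -u $user") or die "error $!";
# if $user = "fred; rm -rf *;" then your script will
# try very very hard to remove everything in its
# working directory.

####

#!/usr/bin/perl -wT
# the -T flag turns on taint checking: data read from STDIN, @ARGV, %ENV
# and files is tainted, and perl refuses to use it in open/system/exec
# until it has been laundered through a regex capture like the one below.
use strict;
use warnings;

my $user = <STDIN>;
chomp $user;

# make sure that $user only contains word characters
# these are a-z, A-Z, 0-9 and _
# if this is so, assign the value found to $user.
# otherwise, die with an error
#
# The class is spelled out instead of using \w because \w can also match
# non-ASCII letters on a decoded string; \A and \z anchor to the real
# string boundaries, whereas $ would still accept a trailing newline.
unless ( ($user) = ( $user =~ /\A([A-Za-z0-9_]+)\z/ ) ) {
    die "Invalid username: $user\n";
}

# List-form open passes each argument to mysql directly, with no shell in
# between, so even if the allowed character set is widened later the
# value can never be re-interpreted as shell syntax. A lexical filehandle
# replaces the bareword HAND.
open( my $mysql_fh, '-|', 'mysql', '-u', $user ) or die "error $!";
# only good values of $user get to here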