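# Read the cart's session identifier from the request. The value is supplied
# by the client and must be treated as untrusted. Assigning to a scalar keeps
# param() in scalar context, so a repeated parameter cannot expand into
# several values (assuming $query is a CGI-style object -- confirm).
my $session = $query->param('session');

# Build the statement with a placeholder instead of interpolating $session
# into the SQL text. With interpolation, a value containing a single quote
# (the original example was  ' OR '' = '  ) closes the string literal and
# rewrites the WHERE clause so that it matches every row, which would delete
# every cart. A bound value is always compared as data, never parsed as SQL.
$stmt = 'DELETE FROM shopcart WHERE session = ?';

# Bind values for $stmt, in placeholder order. The code that runs $stmt is
# not visible here; it must pass these along, e.g. with DBI:
# prepare($stmt) followed by execute(@stmt_bind).
# NOTE(review): a missing 'session' parameter binds undef (SQL NULL), which
# matches no rows -- confirm that is the desired behaviour.
my @stmt_bind = ($session);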