my $sth = $dbh->prepare("SELECT * FROM $users_table WHERE username = '$username' AND user_password = '$userpass'");
        $sth->execute;

##</code><code>##

my $sth = $dbh->prepare("SELECT * FROM $users_table WHERE username = ? AND user_password = ?");
        $sth->execute($username,$userpass) or die $dbh->errstr;