my $query = $dbh->prepare(= "select name, pass from unpw where name = ?");
# no checking needed here:
$query->execute($entered_un);