my $user_name = $cgi_object->param('user_name'} || '';
my $passwd = $cgi_object->param('passwd') || '';
unless ($user_name && $passwd) {
# handle cgi param error
}

##</code><code>##

eval {
  $sth = $dbh->prepare("select pass from users where user=?");
  $sth->execute($user_name);
};
if ($@) {
# handle database error
}