Some random thoughts:

• Security: passing passwords on the command line is insecure, because other users can see them with ps and related tools
• Security: getting the escaping right is non-trivial
• Correctness: getting the parsing of the results right is non-trivial. As far as I can tell there's no reliable way to parse the output from the mysql command line tool, because it doesn't escape "special" characters
• Performance: spawning a new process for each query is costly
• Correctness: You don't check for errors at all.