I notice that you do a

SELECT *
[download]

ovid's node Death to Select Star! suggests that this may not be a good idea.

You may consider using placeholders btrott explains why you might want to user them

To my ignorant eye, it looks like you have a seperate table for each userID. This feels weird and looks like it might make it hard to do stuff like:

my $sql="HERE_DOC;
    SELECT p.userID, LEN(p.passwd) 
    FROM password p
    WHERE LEN(p.passwd)<6 
    GROUP BY p.userID;

HERE_DOC"
[download]

....Also to my eye, HERE documents are nicer way to format SQL than a single line of text.

It might be easier to follow if your main function wasn't CheckPass(). It is a bit more conventional to do something like this inside main():

if ( !CheckPass() ){
    #bail
}else{
    # continue 
}
[download]

You might define some global constants and comments at the top of your program so if the name of your database changes, you or your replacement could change the constant without really remembering how your script worked.

    use constant SCRIPT_DB       => 'script_db' #
    use constant PASSWORD_TABLE    => 'passwd';   #
[download]

As others have pointed out, you may wish to enable taint mode by putting a -T as an argument to perl on your #! line (oddly enough perldoc perlrun indicates this will workin in windoze as well

This will make your program choke on this line:

open FILE, $q->param('File')
[download]

...because you have not removed all the shell characters and somebody could ask you to open a | pipe to a bad command or two

..Hope this helps. I'm sure a more knowledgeable monk will point out any problems with my problems

email: mandog