in reply to SQL causing 500 error (was: What's Wrong With This?)

I'm a newbie to SQL. When I tried to run a CGI with this:
my $sth = $dbh->prepare(<<SQL) or die $dbh->errstr;
select count(*) from userlist where colemail = \'$FORM{'email'}\';
SQL
$sth->execute;
I get a 500 error.

Drop the semicolon. A lot of SQL engines trip over them.

Taint error. Why aren't you using placeholders? Even if this could work for well-behaved user data entries, it can still easily fail for others. Using a placeholder would prevent that.

And if you've connected to the database with the RaiseError attribute set to true, there's no need for the or die... part.

my $sth = $dbh->prepare(<<SQL);
select count(*) from userlist where colemail = ?
SQL
$sth->execute($FORM{email});
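An added example, not part of the original post: the interpolated and placeholder versions of the query run side by side, showing how an ordinary address containing an apostrophe breaks the first but not the second. It assumes DBD::SQLite is installed and uses an in-memory database with constructed sample rows; the sub names are made up for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database stands in
# for the poster's real one. Table and column names are from the thread.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

$dbh->do('create table userlist (colemail text)');

# Constructed sample data: one plain address, one with an apostrophe.
my @emails = ('alice@example.com', q{o'brien@example.com});
my $ins = $dbh->prepare('insert into userlist (colemail) values (?)');
$ins->execute($_) for @emails;

# The question's approach: the form value becomes part of the SQL text.
sub count_interpolated {
    my ($email) = @_;
    my $sth = $dbh->prepare(<<SQL);
select count(*) from userlist where colemail = '$email'
SQL
    $sth->execute;
    return ($sth->fetchrow_array)[0];
}

# The reply's approach: the value is bound and never parsed as SQL.
sub count_placeholder {
    my ($email) = @_;
    my $sth = $dbh->prepare(<<SQL);
select count(*) from userlist where colemail = ?
SQL
    $sth->execute($email);
    return ($sth->fetchrow_array)[0];
}

for my $email (@emails) {
    # RaiseError makes a bad statement die, so no "or die" is needed;
    # eval traps the failure so both versions can be compared.
    my $n   = eval { count_interpolated($email) };
    my $err = $@;
    chomp $err;
    print "$email\n";
    print '  interpolated: ', (defined $n ? "count=$n" : "failed: $err"), "\n";
    print '  placeholder:  count=', count_placeholder($email), "\n";
}
```

In a CGI, the uncaught failure of the interpolated version is what surfaces to the browser as a 500 error.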