Just as an additional note, in a production environment, you might what to read up on DBI placeholders. Otherwise, when these sort of statements

my $session        = $query->param('session');
$stmt = "DELETE FROM shopcart WHERE session = '$session'";
[download]

get executed, and for example some little bastard has entered the following as the value for 'session'

$session = "' OR '' = '";
[download]

the contents of your shopcart table will get thoroughly trashed... :)