Use placeholders! Like this:

my $uname = q{leander@whatever.com};
my $res = $dbh->selectall_arrayref(
    q{SELECT uname, pwd FROM login WHERE uname=?},{},$uname
};
[download]

P.S. This has nothing to do with the @ character, it has to do with the fact that unless you use placeholders or the $dbh->quote() method, you need to have single quote marks around string values in SQL.