in reply to Re: Secure Regular Expression Check
in thread Secure Regular Expression Check

$sql = "select name, pass from unpw where name = '$accepted_name'";
No, please don't recommend that. As Fletch writes above, that's still trivial to bypass. It's far too easy to write a regexp that will slip something unwanted through, which would, when not combined with placeholders or DBI::quote, represent a security risk.

Use placeholders.

Update: Revoked statement on triviality.

--
No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]
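
The placeholder approach recommended in the post above, as an added example that is not part of the original post or thread. It assumes DBD::SQLite is installed and uses an in-memory database with constructed rows in place of the real `unpw` table; the `lookup` helper is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in
# for the real one so the script runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data for the unpw table named in the quoted query.
$dbh->do('CREATE TABLE unpw (name TEXT PRIMARY KEY, pass TEXT NOT NULL)');
my $ins = $dbh->prepare('INSERT INTO unpw (name, pass) VALUES (?, ?)');
$ins->execute(@$_) for (['alice', 'hash-a'], ["o'brien", 'hash-b']);

# The statement is prepared once with a ? marker. The name is bound at
# execute time and is never parsed as SQL, whatever characters it contains.
my $sth = $dbh->prepare('SELECT name, pass FROM unpw WHERE name = ?');

# Hypothetical helper: returns a hashref for the user, or undef if absent.
sub lookup {
    my ($name) = @_;
    $sth->execute($name);
    my $row = $sth->fetchrow_hashref;
    $sth->finish;
    return $row;
}

# Constructed inputs: a plain name, a legitimate name containing a quote,
# and a string with quote and semicolon characters that matches no row.
for my $name ('alice', "o'brien", "no'such;user") {
    my $row = lookup($name);
    printf "%-14s => %s\n", $name, $row ? "found $row->{name}" : 'no match';
}

# Where a value really has to be interpolated (placeholders remain the
# first choice), $dbh->quote returns a literal escaped for this driver.
my $literal = $dbh->quote("o'brien");
print "SELECT name, pass FROM unpw WHERE name = $literal\n";

$dbh->disconnect;
```

A regexp can still be used alongside this to enforce what a valid user name looks like, but it is then an input-format rule and not the thing keeping the query safe.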