in reply to Re^3: perl SQL injection prevent module
in thread perl SQL injection prevent module
Right ... here is the WRONG example in Perl ...
CODE:
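# $dbh (connected DBI handle) and %args (form input) come from the caller
my $count;
my $crypt_pass1 = crypt($args{pass}, $args{username});
# WRONG: user input is interpolated directly into the SQL string
my $sth = $dbh->prepare("SELECT COUNT(id)
FROM users
WHERE username = '$args{username}' AND password ='$crypt_pass1'");
$sth->execute();
$sth->bind_columns(\$count);
$sth->fetch;
# If this counter is 1 --> there is a true combination
if ($count == 1){
    # ... login is accepted here ...
}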
The result is:
If you enter the following username (even without pass):
xxx' or id ='1'#
the counter will count 1 (true) for the user with ID 1 ... the password is commented out ... and we obtain the following MySQL query:
SELECT COUNT(id)
FROM users
WHERE username = 'xxx' or id = '1'# AND password ='$crypt_pass'
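The same check written with DBI placeholders, as an added example that is not part of the original post. It assumes DBD::SQLite is installed and uses an in-memory database in place of the MySQL server; the sub name check_login and the sample user are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database stands in for the MySQL server.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");

# Constructed sample row, hashed with the same crypt() scheme as the post.
$dbh->prepare("INSERT INTO users (id, username, password) VALUES (?, ?, ?)")
    ->execute(1, 'alice', crypt('s3cret', 'alice'));

# Hypothetical helper: returns 1 only for exactly one matching row.
sub check_login {
    my ($dbh, %args) = @_;
    my $user = $args{username} // '';
    my $crypt_pass1 = crypt($args{pass} // '', $user);
    return 0 unless defined $crypt_pass1;    # crypt() rejected the salt

    # The SQL text is fixed; the values travel separately as bound
    # parameters, so quotes and '#' in the input are never parsed as SQL.
    my $sth = $dbh->prepare(
        "SELECT COUNT(id) FROM users WHERE username = ? AND password = ?");
    $sth->execute($user, $crypt_pass1);
    my ($count) = $sth->fetchrow_array;
    $sth->finish;
    return $count == 1 ? 1 : 0;
}

# Constructed inputs: a valid login, a wrong password, and the username
# string from the post, which is now compared as a literal value.
my @attempts = (
    { username => 'alice',             pass => 's3cret' },
    { username => 'alice',             pass => 'wrong'  },
    { username => "xxx' or id ='1'#",  pass => ''       },
);
for my $a (@attempts) {
    printf "%-20s => %s\n", $a->{username},
        check_login($dbh, %$a) ? "accepted" : "rejected";
}
```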