http://www.perlmonks.org?node_id=875170


in reply to Wrong SQL Syntax?

Use Placeholders
my $sth = $dbh->prepare("SELECT userid, login_name, realname FROM prof +iles WHERE login_name = ?"); # and then $sth->execute($user_login_name);
Cheers,
Darren