--- mysql/mysql-auth.pl.orig 2012-08-14 17:15:20.523597282 -0400
+++ mysql/mysql-auth.pl 2012-08-14 17:15:22.333591920 -0400
@@ -62,8 +62,10 @@
 exit 1;
 }
-my $dbq = $dbh->prepare("select username as username, password as password from users where username=\'$user\';");
+my $dbq = $dbh->prepare("select username as username, password as password from users where username=?;");
+$dbq->bind_param(1, $user);
 $dbq->execute;
+
 my $row = $dbq->fetchrow_hashref();
 if ($row->{username} eq "") {
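Review bot: The results of `prepare`, `bind_param` and `execute` are still unchecked on the new lines, so a failed query reaches `fetchrow_hashref` and is indistinguishable from "no such user" in the `$row->{username} eq ""` test below. Unless the connect call outside this hunk sets RaiseError, I would fold the bind into the execute and check it: `$dbq->execute($user) or do { warn "auth query failed: " . $dbq->errstr; exit 1 };`, which follows the `exit 1` failure path visible at the top of the hunk (presumably the deny path). If the driver is DBD::mysql, placeholders are emulated client-side by default; `$user` is still quoted by the driver, but adding `mysql_server_prepare=1` to the DSN gives real server-side binding. The `if` block that consumes `$row` continues outside the hunk, so how an empty result is handled cannot be confirmed from here.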