where you have declared $initc?? what values it contains????
$initc would be a param from form input
another example:
-
-
-
use CGI qw(:standard -debug);
-
use CGI::Carp qw(fatalsToBrowser);
-
use Mysql;
-
-
-
$name=param('name');
-
$password=param('password');
-
-
$host = "127.0.0.1";
-
$database = "users_l";
-
$tablename = "users";
-
$user = " ";
-
$pw = " ";
-
-
$connect = Mysql->connect($host, $database, $user, $pw);
-
$connect->selectdb($database);
-
$myquery = "SELECT password FROM user WHERE name='$name'";
-
$execute = $connect->query($myquery);
-
-
-
while (($sqlpassword) = $execute->fetchrow_array())
-
{
-
-
if ($password eq "$sqlpassword")
-
{
-
print "Login Accepted.";
-
}
-
elsif ($password ne "$sqlpassword")
-
{
-
print "Error Password Incorrect";
-
}
-
elsif ($sqlpassword eq undef)
-
{
-
print "User Not Found Please Try Again.";
-
}
-
}
-
Note: i would also check for perl and SQL cancel characters in the password and user param (never trust your users), as this could lead to unsecure program,
the use of ',;:/.%*)(^%$#@!`~+= try to cancel those characters. (also this will prevent future errors with SQL)