my $user_sth = $dbh -> prepare("select name, passwort from user where name = ? and passwort = password(?)");
$user_sth->execute($name, $password);