@p_sql_tmp=();

&open_sql('SELECT * FROM injection_test WHERE psw='.v($psw).' AND Nummer >'.v($numm), \@p_sql_tmp,$DB_DSN); #Start MSSQL                                                  
while (  $result = $sth->fetchrow_hashref() )
{
    print $result->{'psw'}." -> ".$result->{'Geheim'}.' -> '.$result->{'Nummer'}."\n";
}
&close_sql; #END MSSQL




#--------------------------- subs ----------------

sub v
{push(@p_sql_tmp,shift);return '?';}              &
nbsp;             #Paramenter



#-- meine alte subs aber leicht angepasst --
sub open_sql                
               
               
       #SQL öffnen
{    
#    local $state = shift;
#    local $params = shift; @params = @{$params};                   #XXX
#    local $con_strig = shift;

    $dbh = DBI->connect($_[2],'user');
    $sth  = $dbh->prepare($_[0]);
    $sth->execute(@{$_[1]});
}

sub close_sql { $sth->finish(); $dbh->disconnect();} #SQL schliessen....