my $dbh = DBI->connect($db_dsn,'user') or die $DBI::errstr;
my $sth = fire_sql($dbh,$psw,$numm);
while(my $result = $sth->fetchrow_hashref() ){
   print $result->{'psw'}." -> ".$result->{'Geheim'}.' -> '.$result->{'Nummer'}."\n";
}

sub fire_sql{
  my ($dbh,@params) = @_;
  my $stmt = 'SELECT * FROM injection_test WHERE psw=? AND Nummer > ?';
  my $loc_sth = $dbh->prepare($stmt) or die $dbh->errstr();
  $loc_sth->execute(@params) or die $dbh->errstr();
  return $loc_sth;
}