Along the same lines, it's a bit of a security risk to store cleartext passwords in the database. Better to store a hash or encrypted version of the password. Check out the MD5 and Crypt:: family of modules on CPAN. You might also want to consider letting the database do the matching work with something along the lines of:

my $user_info = $dbh->selectrow_hashref(q/
   select <some fields> 
   from users 
   where id = ? and password = ?
/,undef, $id, $password);

if (defined $user_info) {
   # valid user
} else {
   # handle a bad one here
}