Along the same lines, it's a bit of a security risk to store cleartext passwords in the database. Better to store a hash or encrypted version of the password. Check out the MD5 and Crypt:: family of modules on CPAN.
You might also want to consider letting the database do the matching work with something along the lines of:
my $user_info = $dbh->selectrow_hashref(q/
select <some fields>
from users
where id = ? and password = ?
/,undef, $id, $password);
if (defined $user_info) {
# valid user
} else {
# handle a bad one here
}