my $user_dbh = $dbh -> prepare("select name, passwort from user where name = '".$name."' and passwort = password($passwort)");

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

password($passwort)

''

my $user_sth = $dbh -> prepare("select name, passwort from user where name = ? and passwort = password(?)");
$user_sth->execute($name, $password);

my $name = "' or name = 'admin";
my $passwort = "') or passwort not in ('";                                                                
my $sql = "select name, passwort from user where name = '$name' and passwort = password('$passwort')";
print $sql;

select name, passwort from user where name = '' or name = 'admin' and passwort = password('') or passwort not in ('')