$sql = 'select * from user where name = "'.$name.'" and password = "'.$password.'"';
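This is open to injection. For example, with $name = '";drop table user;select * from user where name="';
the value of $sql becomes select * from user where name = "";drop table user;select * from user where name="" and password = "pd"
When it runs, the user table is dropped. A commonly used approach is to escape the input data with addslashes. In addition, most PHP frameworks escape parameters when assembling SQL, to prevent SQL injection.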
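
An added example (not code from the original page): the same login query written as a PDO prepared statement, so the input is bound as data instead of being concatenated into the SQL text. The in-memory SQLite database, the sample row and the findUser helper are assumptions made so that it runs stand-alone.

```php
<?php
// Assumption: an in-memory SQLite database stands in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data mirroring the page's `user` table
// (plaintext password column kept only to match the page's query).
$pdo->exec('CREATE TABLE user (name TEXT PRIMARY KEY, password TEXT NOT NULL)');
$pdo->prepare('INSERT INTO user (name, password) VALUES (?, ?)')
    ->execute(['alice', 'pd']);

/**
 * Hypothetical helper: look up a user by name and password.
 * The SQL text is fixed; $name and $password travel as bound
 * parameters and are never parsed as SQL.
 */
function findUser(PDO $pdo, string $name, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT name FROM user WHERE name = :name AND password = :password'
    );
    $stmt->execute([':name' => $name, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Number of rows in `user`; throws if the table no longer exists. */
function userCount(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM user')->fetchColumn();
}

// The injection string from the page, passed in as the user name.
$payload = '";drop table user;select * from user where name="';

$attempt = findUser($pdo, $payload, 'pd');
echo 'payload lookup: ', $attempt === null ? 'no match' : 'match', PHP_EOL;

$valid = findUser($pdo, 'alice', 'pd');
echo 'valid lookup:   ', $valid === null ? 'no match' : $valid['name'], PHP_EOL;

// The table is still queryable after the payload was submitted.
echo 'rows in user:   ', userCount($pdo), PHP_EOL;
```

The PHP manual advises against relying on addslashes to prevent SQL injection and recommends prepared statements or database-specific escaping functions.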