示例:
// Demonstration of SQL injection caused by assembling a query from raw strings.
// Both values stand in for user-supplied login fields; the password value
// carries SQL syntax instead of an ordinary password.
var varname = "汤姆";
var varpasswd = "' or '1' = '1";

// The values are spliced into the statement text unchanged, so the quote inside
// varpasswd closes the password literal and the remainder is parsed as SQL.
var sql = `select * from tb_name where name= '${varname}' and password='${varpasswd}'`;
console.log(sql);
// Printed statement:
//   select * from tb_name where name= '汤姆' and password='' or '1' = '1'
// AND binds tighter than OR, so the WHERE clause is evaluated as
//   (name = '汤姆' AND password = '') OR ('1' = '1').
// The right-hand side is always true, so every row matches and the password
// check no longer restricts the result.
// Mitigation: do not build SQL from input by concatenation or interpolation.
// Send the statement with placeholders and pass the values separately as bound
// parameters (placeholder syntax depends on the database driver), so input is
// always treated as data and never as SQL text.