https://blog.csdn.net/lin_tuer/article/details/54809330
https://github.com/mysqljs/mysql#escaping-query-values
SQL injection is caused by building queries through string concatenation.
Injected keywords such as or, and, union, etc.:
SELECT * FROM `users` where username = 'cnloop'and 1=1--''
Semicolons, etc.:
SELECT * FROM `users` where username = 'cnloop';SELECT VERSION()--''
Solved by escaping (substituting) the special characters.
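The two queries above, rebuilt by concatenation and then with the user value escaped first, as an added example that is not code from the linked pages. The helper names (escapeString, buildUnsafe, buildEscaped, unescapedQuotes) are hypothetical, and escapeString is a simplified stand-in for the library's own escaping; it assumes the MySQL server runs with NO_BACKSLASH_ESCAPES disabled (the default).

```javascript
// Simplified stand-in for string escaping (assumption: backslash escapes are
// honoured by the server). In real code use mysql.escape() or `?` placeholders
// with connection.query(sql, values) instead of a hand-written escaper.
const ESCAPES = {
  '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
  '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\',
};

// Hypothetical helper: turn any value into one quoted MySQL string literal.
function escapeString(value) {
  const body = String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, (ch) => ESCAPES[ch]);
  return "'" + body + "'";
}

// Vulnerable form: the user value is pasted between the quotes as-is.
function buildUnsafe(username) {
  return "SELECT * FROM `users` where username = '" + username + "'";
}

// Hardened form: the value is escaped and quoted before it reaches the SQL text.
function buildEscaped(username) {
  return 'SELECT * FROM `users` where username = ' + escapeString(username);
}

// Count quotes that are not backslash-escaped. A query holding exactly one
// string literal has 2; more means the input closed the literal early.
function unescapedQuotes(sql) {
  let count = 0;
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] === '\\') { i++; continue; } // skip the escaped character
    if (sql[i] === "'") count++;
  }
  return count;
}

// Constructed inputs: a normal name plus the two values behind the queries above.
const samples = ['cnloop', "cnloop'and 1=1--'", "cnloop';SELECT VERSION()--'"];
for (const s of samples) {
  console.log('unsafe :', buildUnsafe(s), '| quotes:', unescapedQuotes(buildUnsafe(s)));
  console.log('escaped:', buildEscaped(s), '| quotes:', unescapedQuotes(buildEscaped(s)));
}
```

With escaping, the whole input stays inside a single string literal, so the `and 1=1` and the `;SELECT VERSION()` are compared against the username column as data instead of being parsed as SQL.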