对sql注入和web安全有些陌生。我看了很多关于这个主题的帖子，但都找不出答案。我试图打破下面的过滤器注入一个sql命令（为了登录一个已知的用户名，没有密码）。。。

$filtered = $string;
$filtered_string = str_replace("admin'","",$filtered_string);
$filtered_string = str_replace("or","",$filtered_string);
$filtered_string = str_replace("collate","",$filtered_string);
$filtered_string = str_replace("drop","",$filtered_string);
$filtered_string = str_replace("and","",$filtered_string);
$filtered_string = str_replace("OR","",$filtered_string);
$filtered_string = str_replace("COLLATE","",$filtered_string);
$filtered_string = str_replace("DROP","",$filtered_string);
$filtered_string = str_replace("AND","",$filtered_string);
$filtered_string = str_replace("union","",$filtered_string);
$filtered_string = str_replace("UNION","",$filtered_string);
$filtered_string = str_replace("/*","",$filtered_string);
$filtered_string = str_replace("*/","",$filtered_string);
$filtered_string = str_replace("//","",$filtered_string);
$filtered_string = str_replace("#","",$filtered_string);
$filtered_string = str_replace("--","",$filtered_string);
$filtered_string = str_replace(";","",$filtered_string);
$filtered_string = str_replace("||","",$filtered_string);

我应该补充一点，这是一个基于php的网站-一个测试环境，正如alejandro指出的，确实值得被黑客攻击-我只是不知道怎么做