ConnectionSQL.sql.executeQuery("select * from USERS where 用户='"+name+"' and 密码='"+password+"'");

I followed this statement from the web, so why doesn't it work?

select from user where username='&&replace(request.form("UserID"),',")&&' and password=' &&replace(request.form("Pass"),',")&&
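An added example, not part of the original post: the two patterns quoted above (concatenating input into the SQL text, and deleting quotes before concatenating) next to a bound-parameter query, run against a name that contains an apostrophe. It uses Python's built-in sqlite3 as a stand-in for the poster's database; the table, column names, sample account and the hashed-password layout are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: one account whose name contains an apostrophe.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("O'Brien", salt, pw_hash("s3cret", salt)))
    return db

def check_pw(row, password):
    # row is (salt, pw) or None; the derived hash is compared in constant time.
    if row is None:
        return "denied"
    return "ok" if hmac.compare_digest(row[1], pw_hash(password, row[0])) else "denied"

def login_concat(db, name, password):
    # First pattern on the page: user input becomes part of the SQL text.
    sql = "SELECT salt, pw FROM users WHERE username='" + name + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return "sql-error"  # the quote in the input changed the statement itself
    return check_pw(row, password)

def login_strip(db, name, password):
    # Second pattern on the page: delete quotes, then concatenate.
    return login_concat(db, name.replace("'", ""), password)

def login_bound(db, name, password):
    # Bound parameter: the value travels separately from the SQL text.
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (name,)).fetchone()
    return check_pw(row, password)

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_strip, login_bound):
        print(fn.__name__, fn(db, "O'Brien", "s3cret"))
```

In JDBC the bound-parameter form is a `PreparedStatement` with `?` placeholders filled by `setString`.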