// Credential-count lookup. Both form values are bound to the HQL positional
// placeholders through setString(), so they travel as query parameters rather
// than being spliced into the query text. The placeholders are 0-based, as the
// setString(0, ...) / setString(1, ...) indices show.
// NOTE(review): the built query is neither assigned nor executed in these
// lines — presumably the caller runs it further down; confirm.
String formId = userForm.getId();
String formPassword = userForm.getPassword();
session.createQuery("select count(*) from CpUser where ID = ? and password = ?")
        .setString(1, formPassword)
        .setString(0, formId);
如：输入 1' or 1=1 经过 MD5 后变成这样：B102C867D61C4E034BA01040441E5487
-- Credential lookup as it reached the database, with the bound values shown
-- inline as literals. The userpwd0_ alias looks generated (presumably by the
-- query layer shown above — confirm). The password literal is the hex digest
-- quoted above, i.e. the input was hashed before it was bound, not the raw form text.
select
    userpwd0_.id as id,
    userpwd0_.userid as userid,
    userpwd0_.password as password
from userpwd userpwd0_
where userpwd0_.userid = 'EA04'
  and userpwd0_.password = 'B102C867D61C4E034BA01040441E5487'