SELECT * FROM users
A simple hacker like me ;-) can use SQL injection attack by specifying
Password: OR 1 =1
This will allow me to give access to the site. Depending on the query you may need to try other variations like
Password: ') OR ('1=1')
The idea is to inject 1 =1 (which is true) in SQL statement such that the WHERE clause returns TRUE.