SQL注入绕过PHP过滤器

在工作中尝试学习各种SQL注入技术时，我陷入了以下问题。我正试图为以下代码编写一个SQL注入。我的目标是只输入已知注册用户的用户名(例如：test(，并附加额外的输入，绕过以下过滤器，最终将被注入最后一行的SQL语句中，使其成为true，并以注册用户的身份登录。我有点不知道如何绕过这一系列的过滤器(尽管我猜我可以使用空白字符的替代品来通过其中一个检查？(什么样的输入可以绕过这一点？谢谢

function sqli_filter($string) {
$filtered_string = $string;
$filtered_string = str_replace("--","",$filtered_string);
$filtered_string = str_replace(";","",$filtered_string);
$filtered_string = str_replace("/*","",$filtered_string);
$filtered_string = str_replace("*/","",$filtered_string);
$filtered_string = str_replace("//","",$filtered_string);
$filtered_string = str_replace(" ","",$filtered_string);
$filtered_string = str_replace("#","",$filtered_string);
$filtered_string = str_replace("||","",$filtered_string);
$filtered_string = str_replace("admin'","",$filtered_string);
$filtered_string = str_replace("UNION","",$filtered_string);
$filtered_string = str_replace("COLLATE","",$filtered_string);
$filtered_string = str_replace("DROP","",$filtered_string);
return $filtered_string;
}
function login($username, $password) {
$escaped_username = $this->sqli_filter($username);
// get the user's salt
$sql = "SELECT salt FROM users WHERE eid='$escaped_username'";
$result = $this->db->query($sql);
$user = $result->next();
// make sure the user exists
if (!$user) {
notify('User does not exist', -1);
return false;
}
// verify the password hash
$salt = $user['salt'];
$hash = md5($salt.$password);
error_log(print_r($escaped_username));
$sql = "SELECT user_id, name, eid FROM users WHERE eid='$escaped_username' AND password='$hash'";