Assume that u have a website that uses relational databases to implement login from.

the form was constructed by a string query $=$ SELECT sms Token FROM users WHERE user $=""+$user$+\text{'}\text{'}\text{'}\text{'}$AND password $=""+$pass$+"".$whichof the following test inputs can be taken for username and password fields to test the vulnerability SQL injection?

select all that apply

a$.$password field with the text $\text{'}$ OR $1=1--$

b$.$password filed blank with user field text user $\text{'}$OR $1=1--$

C$.$NONE

D$.$password field with the text $"$OR$1=1--\text{'}$