A query that had been used to authenticate users to a website:
SELECT COUNT(PKID_Users) as 'c' FROM Users
WHERE UPPER(Username)='"+this.username.ToUpper()+ "' AND Password='"+this.password+"'
As an added bonus, the code checked the count to make sure there weren’t multiple rows returned (was there was a chance more than one user could have the same user name?)
Thankfully, I replaced the authentication with something sane quite some time ago.