Hi guys, thanks for reading.
In this query without sanitization (in MySQL):
SELECT * FROM logins WHERE username= AND password= ;
I can bypass this with username= 'or '1'='1 and the same for password.
I know that if I input username= whatever' or '1'='1 then I log in with user "whatever" meanwhile "whatever" exists in the logins table and I no need to bypass password field.
But I don't understand why if I input username= whatever and password= 'or '1'='1, I log in but not like user "whatever". I don't catch the point...