I am currently studying how SQL injections work. Many training sites have examples, such as
SELECT fieldlist FROM table WHERE field = 'x' AND email IS NULL;
In the "field" field, the content that will be checked comes from a text field or something similar on the website. In this case, the user input is
x' AND email IS NULL; --
What is the use of the -- ?
I saw several similar examples, but no explanation. Am I missing something fundamental?
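An added example (not part of the original question), using Python's sqlite3: in SQL, `--` starts a comment that runs to the end of the line, so it hides whatever the application appends after the input. It assumes the application builds the query as `WHERE field = '<input>';`. The `members` table and its rows are constructed for illustration.

```python
import sqlite3

# Assumed application template: user input is pasted between the quotes.
TEMPLATE = "SELECT fieldlist FROM members WHERE field = '{}';"
PAYLOAD = "x' AND email IS NULL; --"  # the input quoted in the question


def make_db():
    """Constructed sample table (hypothetical name 'members')."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (fieldlist TEXT, field TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [("row-a", "x", "a@example.test"), ("row-b", "x", None)],
    )
    return db


def run_concatenated(db, user_input):
    """Vulnerable pattern: returns (sql, rows); rows is None if the SQL is rejected."""
    sql = TEMPLATE.format(user_input)
    try:
        return sql, sorted(r[0] for r in db.execute(sql))
    except (sqlite3.Error, sqlite3.Warning):
        return sql, None


def run_bound(db, user_input):
    """Hardened pattern: the input is bound as a value and never parsed as SQL."""
    cur = db.execute("SELECT fieldlist FROM members WHERE field = ?", (user_input,))
    return sorted(r[0] for r in cur)


if __name__ == "__main__":
    db = make_db()
    no_comment = PAYLOAD.replace("--", "").rstrip()
    for label, value in [("plain", "x"), ("with --", PAYLOAD), ("without --", no_comment)]:
        sql, rows = run_concatenated(db, value)
        # With "--" the application's own trailing '; becomes a comment, so the
        # statement parses; without it the stray quote makes the SQL invalid.
        print(f"{label:10} {sql!r} -> {rows}")
    print("bound     ", run_bound(db, PAYLOAD))
```

With the bound parameter the whole input, comment marker included, is compared as a literal string and matches no row.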