After closing the query with a single quote ('), we add OR 1=1. This part of the injection exploits a SQL logic flaw: 1=1 is always true. So, if the first condition in the query fails, the 1=1 part will always be true, effectively bypassing authentication and logging into the account. The -- at the end is used to comment out the rest of the SQL query, preventing any syntax errors from interfering with the injection.