The strings "or 1=1" and ""or ''=''" can be commonly used to trick an SQL WHERE clause into becoming true.
So if you specify ' or ''=' as a password, you can log in if the query string would be:
select username,pass from users where username='you' and password='' or ''='' limit 0,1;
