小弟目前再研究sql injection 的相關問題，
照著網路上的教學，發現我使用' OR 1=1 -- 還是無法駭進自己的登入系統
使用 ' OR 1=1 -- ，把$sql_login echo 出來在--後面會多一個'
SELECT account FROM admin WHERE account = '123' OR 1=1 --' AND password = ''
想請問'在--橫面不是等同於被佇解掉了嗎?那為何無法執行登入呢?
有沒有推薦的資源讓我多了解sql injection這方面的知識呢?

<?php
    require_once 'connection/connect.php';
    session_start();
?>
<?php
    if(isset($_POST['login_check']) && $_POST['login_check'] == 'login_check'){
        $sql_login = "SELECT `account` FROM `admin` WHERE  `account` = '{$_POST['account']}'  AND `password` = '{$_POST['password']}' ";
        $result_login = mysqli_query($link,$sql_login);
        $row_login = mysqli_num_rows($result_login);

        //SELECT `account` FROM `admin` WHERE `account` = '123' OR 1=1' -- AND `password` = '' 不可
        //SELECT `account` FROM `admin` WHERE `account` = '123' OR 1=1' -- AND `password` = ''
        //SELECT `account` FROM `admin` WHERE `account` = '123' OR 1=1 --' AND `password` = ''
        //SELECT `account` FROM `admin` WHERE `account` = '123' OR 1=1 -- AND `password` = ''  可
        echo $sql_login;

        if($row_login){
            $_SESSION['MM_USERNAME'] = $_POST['account'];
            header("Location:index.php");
        }else{
            header("Location:login.php");
        }
    }
    
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
</head>
<body>
    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
        <label>帳號:<input type="text" name="account"></label>
        <label>密碼:<input type="password" name="password"></label>
        <input type="hidden" name="login_check" value="login_check">
        <input type="submit">
    </form>
</body>
</html>