
Why does 'OR''=' work for SQL Injection?


I've been trying to research why 'OR''=' works for SQL injection.

What does this query match?


Solution

  • 'Cause you can make the query end happily in the middle of "where", then insert your own code.

    Select group from user where id='1' or ''='';
    

    is the way you want it to look.

    Analyze the code:

    Select group from user where id='PARAMETER';
    

    Is what you have to work with. And the ID is the parameter. So you tinker with that, and instead of an ID, you close the quotes, insert the comparison, and leave the last quote open (so it matches the closing one) so PARAMETER is:

    ' or ''='
    

    Empty string equals empty string, the query returns immediately with a user group for the attacker.

    As pointed out in the comments to my answer, the database engine in question shapes the attack. So you make sure you make the proper comparison. Your attack might need to look like this:

    or '1'='1
    

    For the second question: it matches everything. Or nothing.
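The answer above describes the mechanism in prose; the following is an added example (not part of the question or answer, and not code from any project) that runs the answer's own payloads against an in-memory SQLite table with constructed sample rows. It contrasts the vulnerable query built by string concatenation with the same lookup using a bound parameter, so the reader can see why the first returns every row and the second returns none. The table layout, the `lookup_concat` and `lookup_param` function names, and the sample rows are assumptions made for the demonstration; the SQL keyword `group` is quoted because it is reserved.

```python
import sqlite3

# Constructed sample data: three users with an id and a group.
ROWS = [("1", "admin"), ("2", "staff"), ("3", "guest")]


def make_db():
    """Create an in-memory table shaped like the answer's `user` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE user (id TEXT PRIMARY KEY, "group" TEXT NOT NULL)')
    conn.executemany('INSERT INTO user (id, "group") VALUES (?, ?)', ROWS)
    return conn


def lookup_concat(conn, param):
    """Vulnerable: the value is spliced into the SQL text, so a quote in it
    closes the literal and the rest becomes part of the WHERE clause."""
    sql = 'SELECT "group" FROM user WHERE id=\'' + param + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, param):
    """Hardened: the driver sends the value separately from the statement, so
    it is only ever compared against id as data and never parsed as SQL."""
    sql = 'SELECT "group" FROM user WHERE id=? ORDER BY id'
    return [row[0] for row in conn.execute(sql, (param,))]


def demo():
    """Run a legitimate id and the answer's two payloads through both lookups."""
    conn = make_db()
    inputs = {
        "legit": "1",
        "empty_string_payload": "' or ''='",
        "one_equals_one_payload": "' or '1'='1",
    }
    return {
        name: {"concat": lookup_concat(conn, value), "param": lookup_param(conn, value)}
        for name, value in inputs.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24s} concat={result['concat']}  param={result['param']}")
```

The concatenated query turns `id=''  or ''=''` into a condition that is true for every row, which is the "matches everything" outcome the answer refers to; the parameterized query simply looks for a user whose id is the literal text of the payload and finds nothing. The answer's remark that the engine matters applies to the first payload in particular: on engines such as Oracle an empty string is treated as NULL, so `''=''` is not true there, which is why the `'1'='1` form is the one that behaves the same everywhere. The defensive takeaway is independent of engine: bind values as parameters and the quote character never reaches the parser.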