Friday, September 12, 2014

A double hyphen in MSSQL will comment out everything after it on the same line.

Therefore a single tick followed by a double hyphen (`'--`) may be used in an SQL injection attack: the tick closes the string literal and the double hyphen discards whatever sanity checking follows it on the same line of SQL.
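As an added illustration (not part of the original post), the following script shows what that truncation does to a query built by string concatenation, and why a parameterized query is immune to it. It uses Python's built-in sqlite3 module instead of MSSQL so it runs offline; SQLite treats `--` as a to-end-of-line comment in the same way, so the behaviour shown here carries over. The table, the accounts and the trailing `AND active = 1` check are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data: one active account and one disabled one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, active INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 1), ("bob", 0)])
    return conn


def build_concat_sql(name):
    """The vulnerable pattern: user input spliced straight into the SQL text."""
    return f"SELECT name FROM users WHERE name = '{name}' AND active = 1"


def lookup_concat(conn, name):
    """Runs the concatenated query. With input  bob' --  the SQL becomes
       SELECT name FROM users WHERE name = 'bob' -- ' AND active = 1
    and everything after the double hyphen, including the active check, is
    treated as a comment, so the disabled account is returned."""
    return [row[0] for row in conn.execute(build_concat_sql(name))]


def lookup_param(conn, name):
    """The fix: a bound parameter. The driver passes the value separately from
    the statement, so a quote or double hyphen inside it is just data and the
    active check is always applied."""
    sql = "SELECT name FROM users WHERE name = ? AND active = 1"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    print(build_concat_sql("bob' --"))
    print("concat, plain input      :", lookup_concat(db, "bob"))
    print("concat, injected input   :", lookup_concat(db, "bob' --"))
    print("parameterized, injected  :", lookup_param(db, "bob' --"))
    print("parameterized, plain     :", lookup_param(db, "alice"))
```

The parameterized version returns nothing for the injected input because it looks for a user literally named `bob' --`; the concatenated version returns the disabled account because the comment has removed the `active = 1` condition. Binding parameters, rather than filtering out quotes or hyphens, is the check to apply.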
