The tester account did not exist in the database; however, the ' or 1=1--<space> payload resulted in bypass the authentication mechanism because the SQL code constructed the query based on unsanitized user input. The account of admin is the first account created in the database, so the database defaulted to that account.