Presistent XSS Filter Bypass Question

I was testing out a stored XSS on a test site I made which is vulnerable so the problem is when I tried executing the usual "><script>alert('XSS')</script>

It did not work instead. But this particular "><script>alert("XSS")</script> javascript works instead.

I did not understand it at first since I did not included any filtering or sanitizing as the back-end code is entirely vulnerable.



But when I tried to look at the back-end SQL query which stores the XSS code as shown below.

UPDATE users set name = 'XSSINPUT'; 

Based on the above SQL query I managed to understand why the first javascript doesn’t work its because its in single quotes hence it closes the SQL query before the whole javascript code is entered and breaks the SQL query as shown below

UPDATE users set name = '"><script>alert('XSS')</script>'; 

hence this is making it unable to execute the javascript pop-up.



Where as this server-side code below managed to execute successfully

UPDATE users set name = '"><script>alert("XSS")</script>'; 

because its in double quotes and does not break the SQL query and successfully allows the DB to execute that SQL query.

So, my question is. Is my understand correct? Feel free to verify my understanding. Thank you!!