Do SQL injection attacks always use a ' character?

Nope, there are other waysYep, it's a must

Correct! ' isn't the only method. There are many characters like -- that you could use to exploit input.

Whoops! ' isn't the only method. There are many characters like -- that you could use to exploit input.