Question

I have been reading a PDF (and around the web in general) on SQL Injection and want to make sure of my understanding (it's here if anyone was wondering: http://www.imperva.com/docs/WP_SQL_Injection_Protection_LK.pdf).

If a website expects a username and a password and will select and display columns based on the query:

"SELECT * FROM users WHERE user=' ".$userlogin." ' AND password=' ".$password." '"

Then what could the possible SQL injections on this be and what would they do?

1) For example would the following injection obtain all columns for all users?

"SELECT * FROM users WHERE user=' any name ' AND password=' any' OR 'test'=test '"

2) Would the following injection do something, if anything?

"SELECT * FROM users WHERE user=' name' OR 1=1 # ' AND password=' any '"


Solution

1) Would authenticate a user, as 'test'='test' always evaluates to true

2) Will authorize the user regardless of the password, as # starts a comment; the same goes for --

SELECT * FROM users WHERE user=' name' OR 1=1-- AND password = 'any'

The idea is the malicious user can continue the query where you left off and do whatever he/she wishes from then on which of course could be just bypassing authentication but also:

LOAD_FILE (allows reading files on the remote host)

INTO OUTFILE (allows writing files on the remote host often with the easily obtainable goal of RCE).

UNION SELECT (usually used when dumping information from the database)

None of these will work without the correct permissions. This is why it's incredibly important not to use the root/DBA account for anything other than local administration, and to create accounts for each individual use with permissions tailored to that use's needs, so that, much like users on a computer, one user may not touch another user's things.
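As an added illustration (not code from the question or the answer), the following Python script shows the two ways of building the login query side by side. It uses an in-memory SQLite database with a constructed two-row `users` table, so it runs offline; SQLite honours the `--` comment syntax but not `#`, so the `--` form from the answer is used. `login_concatenated` reproduces the string-splicing pattern from the question, while `login_parameterized` sends the same query with placeholders so the driver passes the user input as data rather than as SQL text.

```python
import sqlite3


def make_db():
    """Constructed sample schema with two accounts (assumption, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "battery staple", "user")],
    )
    conn.commit()
    return conn


def login_concatenated(conn, user, password):
    """The vulnerable pattern from the question: input spliced into the SQL text.

    A quote in the input ends the literal early, so the rest of the input is
    parsed as SQL; a trailing comment marker then hides the original tail.
    """
    sql = f"SELECT * FROM users WHERE user='{user}' AND password='{password}'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Malformed input produces a syntax error rather than a result set.
        return f"error: {exc}"


def login_parameterized(conn, user, password):
    """The fix: the query text is fixed and the values travel separately.

    Whatever the input contains is compared as a string value; it can never
    change the structure of the statement.
    """
    sql = "SELECT * FROM users WHERE user=? AND password=?"
    return conn.execute(sql, (user, password)).fetchall()


def login_ok(conn, user, password):
    """Authentication succeeds only when exactly one matching row is returned."""
    return len(login_parameterized(conn, user, password)) == 1


if __name__ == "__main__":
    db = make_db()
    # Genuine credentials work with either query form.
    print(login_concatenated(db, "alice", "correct horse"))
    # The tautology from the answer's point 1 makes the WHERE clause always true,
    # so the concatenated query returns every row.
    print(login_concatenated(db, "x", "any' OR 'test'='test"))
    # The comment form from the answer's point 2 drops the password check entirely.
    print(login_concatenated(db, "alice' OR 1=1-- ", "whatever"))
    # With placeholders the same inputs are just unmatched string values.
    print(login_parameterized(db, "x", "any' OR 'test'='test"))
    print(login_ok(db, "alice' OR 1=1-- ", "whatever"))
```

The `login_ok` check also guards against a query that matches more than one row: even if some other defect let extra rows through, the application would not treat the result as a successful login.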

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow