1) Would authenticate a user as 'test'='test' and thus would always return true
2) Will authorize the user regardless of the password as # starts a comment same with --
SELECT * FROM users WHERE user=' name' OR 1=1-- AND password = 'any'
The idea is the malicious user can continue the query where you left off and do whatever he/she wishes from then on which of course could be just bypassing authentication but also:
LOAD_FILE (allows reading files on the remote host)
INTO OUTFILE (allows writing files on the remote host often with the easily obtainable goal of RCE).
UNION SELECT (usually used when dumping information from the database)
None of these will work without the correct permissions this is why it's incredibly important to not use the root/dba account for anything other than local administration and creating accounts for each individual use with permissions tailored to that use's needs so that, much like users on a computer, one user may not touch another user's things.