So you suspect a page might be vulnerable to SQL Injection but before you run it through SQLmap, you can try the following statements to manually test the input:

The intention is for this post to grow over time and become a repository of all the sucessful manual injection points  I use.

'
admin' or '1'-'1
admin' or 1='1

Try variations in quote placement.