Re: Have been hacked ????
Thanks for your reply Michael.
>>I've my local code and would like to know if my code is open for hackers.
>>I'd like to see if it's possible to drop a database by simply inserting a MySQL
>>statement in any field (text box or anything). Does anybody know how to
>>check?
>
> Google for (Advanced) SQL Injection.
I can't check the injection technique: here is my code:
$colname_Recordset1 = $HTTP_POST_VARS['User'];
$colname_Recordset2 = $HTTP_POST_VARS['Pass'];
$query_Recordset1 = "SELECT * FROM person WHERE User =
\"$colname_Recordset1\" AND Pass = \"$colname_Recordset2\";";
I insert this (user/pass):
" OR 1="1
" OR 1="1
Now, the query result is:
SELECT * FROM person WHERE User = "\" OR 1=\"1" AND Pass = "\" OR 1=\"1";
How can I be sure it can't be hacked?
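
An added example, not part of the original post: the post's query built by concatenation, next to the same lookup with bound parameters. The function names and the sample row are constructed, an in-memory SQLite database stands in for MySQL, and treating the backslashes in the printed query as the effect of PHP's magic_quotes_gpc (which escapes the same characters as addslashes) is an assumption.

```php
<?php
// Constructed sample data; assumes the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person (User TEXT, Pass TEXT)');
$db->exec("INSERT INTO person VALUES ('alice', 's3cret')");

// "Before": the query from the post, built by string concatenation.
// The values become part of the SQL text itself.
function build_concat_query($user, $pass)
{
    return "SELECT * FROM person WHERE User = \"$user\" AND Pass = \"$pass\";";
}

// "After": the SQL text is fixed; the values are bound as data and are
// never parsed as SQL, whatever quotes they contain.
function find_person(PDO $db, $user, $pass)
{
    $stmt = $db->prepare('SELECT * FROM person WHERE User = ? AND Pass = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '" OR 1="1'; // the value typed into both fields in the post

// Without any escaping, the quotes in the input close the string literals
// and the OR conditions become part of the WHERE clause.
echo "raw:     ", build_concat_query($input, $input), "\n";

// With addslashes() applied first, the text matches the query printed in
// the post: the quotes are escaped, so the input stays inside the literals.
echo "escaped: ", build_concat_query(addslashes($input), addslashes($input)), "\n";

// Bound parameters: the same input is compared as a plain string.
echo "bound, input from the post: ",
    count(find_person($db, $input, $input)), " row(s)\n";
echo "bound, real credentials:    ",
    count(find_person($db, 'alice', 's3cret')), " row(s)\n";
```

magic_quotes_gpc was removed in PHP 5.4, so escaping applied by a server setting is not something the query can depend on; binding the values keeps the query structure fixed regardless of configuration.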