In order to prevent SQL attacks, it should be paired with the login, etc.
SqlConnection objConnection = new SqlConnection (_ConnectionString); objConnection.Open (); SqlCommand objCommand = new SqlCommand ( "SELECT * FROM User WHERE Name = @Name AND Password = @Password", objConnection); objCommand.Parameters.Add ( "@ Name ", NametextBox.text); Objcommand.Parameters.add (" @ password ", passwordTextBox.text); sqldataareader objreader = objcommand.executeReader (); if (ObjReader.Read ()) {