The first thing I'd suggest is get rid of the nasty way you create your SQL queries ... use parameterised queries instead
https://www.dotnetperls.com/sqlparameter[
^]
The second thing is - why are you storing a password ? no,no,no - really bad idea - storing a hash of a password, then hashing the input from the user and comparing hashes, yes, yes, yes
Third - I think you need to check what you're trying to do - does 'ExecuteScalar' return a 'row' value like you want, or, perhaps, it returns a single value from (for example) 'select count * from table where ...' - so your first use is more correct, the second ie
string checkpasswordQuery = "select Password from UserData where UserName = ' " + UserNameBOX.Text + "'";
SqlCommand passComm = new SqlCommand(checkpasswordQuery, conn);
string password = passComm.ExecuteScalar().ToString().Replace("", "");
no ....