To solve your error replace
"', password"
with
"' AND password"
However, I would also suggest you look at SQL Parameters, your code is vulnerable to SQL injection attacks if you are reading literal strings from text boxes.
I would suggest you have a look at some of these search results:
Google search[
^]