Because you're not using parameterized queries your result SQL statement looks like this:
select count(*) from [LoginDB] where (Username ='username') = (Password'password')
See anything wrong with that statement?
Because of the string concatenation stuff you're not seeing the problem in your code. Use parameterized queries instead and the code becomes much easier to read.
CommandText = "Select COUNT(*) FROM [LoginDB] WHERE Username = @username AND Password = @password";
Google for "C# Parameterized Queries" for a lot more discussion and examples.
Google for "SQL Injection" to find out why what you're currently doing is so insecure and dangerous.
Google for "How to store passwords" to find out why storing passwords in plain text is making your security problem even worse.