Your query should be
string chkUser = "Select * FROM [User] where Email=@UserName AND Password=@Password;";
Use command parameters to provide the values for
@UserName
and
@Password
You've said you know about this so I haven't provided an example.
Note the space before
AND