1) SQL does not accept the == operator, only the = operator.
2) Never, ever, ever use inline concatenation of parameters in SQL strings. This just invites SQL injection and should be avoided from the outset when learning.
3) Never, ever, ever use a plain text password.
4) If you are going to do this, do it as described in this article: Password Storage: How to do it.
This is how it should look...
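// USER is a reserved word in T-SQL, so the column names are bracketed.
com.CommandText = "Select [id],[name] FROM testtable WHERE [user]=@userName AND [password]=@password";
// The text box values are bound as parameters and never become part of the SQL text.
com.Parameters.Add(new SqlParameter("@userName", textbox1.Text));
com.Parameters.Add(new SqlParameter("@password", textbox2.Text));
bca = com.ExecuteReader();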
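Points 2 to 4 combined in one runnable sketch, added here as an example and not part of the original answer or the linked article: the user name is bound as a parameter, and only a salted PBKDF2 hash of the password is stored and compared. It uses Python's built-in sqlite3 in place of SqlClient so it runs without a server; the `salt` and `pwhash` columns, the iteration count and the sample accounts are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; only this value and the salt are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(con: sqlite3.Connection, name: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    con.execute(
        "INSERT INTO testtable (name, salt, pwhash) VALUES (?, ?, ?)",
        (name, salt, hash_password(password, salt)),
    )


def check_login(con: sqlite3.Connection, name: str, password: str) -> bool:
    # The user name travels as a bound parameter, never as part of the SQL text.
    row = con.execute(
        "SELECT salt, pwhash FROM testtable WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Recompute the hash with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo() -> sqlite3.Connection:
    """Build a constructed in-memory table with two sample accounts."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE testtable (id INTEGER PRIMARY KEY, name TEXT UNIQUE,"
        " salt BLOB, pwhash BLOB)"
    )
    create_user(con, "alice", "correct horse")      # constructed sample data
    create_user(con, "o'brien", "it's \"quoted\"")  # quotes are plain data here
    return con


if __name__ == "__main__":
    print(check_login(demo(), "alice", "correct horse"))
```

Because the password is never part of the WHERE clause, the query only looks up the account; the match is decided in application code on the derived hash.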