Not like that!
Firstly, because that code is wide open to abuse: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Concatenation in your login means that anyone can bypass your security if they want, pretend to be you perhaps; or delete your database just by typing in a textbox.
Secondly, because you should never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.
Also see here:
Code Crimes Number 1
And BTW:
1) Do yourself a favour, and stop using Visual Studio default names for everything - you may remember that "TextBox8" is the mobile number today, but when you have to modify it in three weeks' time, will you then? Use descriptive names - "tbMobileNo" for example - and your code becomes easier to read, more self documenting, easier to maintain - and surprisingly quicker to code because Intellisense can get to "tbMobile" in three keystrokes, where "TextBox8" takes thinking about and 8 keystrokes...
2) Don't "hard code" connection strings either. Always store them in configuration or settings files.
3) Connections and Commands are scarce resources: they should be Closed and Disposed when you are finished with them. I'd suggest a using block for both.
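
An added example, not part of the original answer, that puts the points above together in one login check: a parameterized query, a salted password hash instead of clear text, a connection string read from configuration, and using blocks. It assumes SQL Server through System.Data.SqlClient; the Users table, its columns, the "AppDb" connection string name and the choice of PBKDF2 are all hypothetical choices made for this example.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    // Assumed schema: Users(UserName NVARCHAR(64), Salt VARBINARY(16),
    // PwdHash VARBINARY(32), Iterations INT). All names are hypothetical.
    public static bool IsValidLogin(string userName, string password)
    {
        // Connection string comes from app.config/web.config, not from code.
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT Salt, PwdHash, Iterations FROM Users WHERE UserName = @user", con))
        {
            // The value travels as a typed parameter, never as SQL text.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 64).Value = userName;
            con.Open();
            using (SqlDataReader rd = cmd.ExecuteReader())
            {
                if (!rd.Read()) return false;   // unknown user
                byte[] salt = (byte[])rd["Salt"];
                byte[] stored = (byte[])rd["PwdHash"];
                int iterations = (int)rd["Iterations"];
                return FixedTimeEquals(stored, Hash(password, salt, iterations, stored.Length));
            }
        }   // reader, command and connection are disposed here, even on exceptions
    }

    // PBKDF2-HMAC-SHA256; only the salt and the derived hash are stored.
    public static byte[] Hash(string password, byte[] salt, int iterations, int length)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(length);
    }

    // Compare without exiting at the first differing byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

When a user registers, generate a random salt with RandomNumberGenerator and store the output of Hash alongside it; the password itself is never written to the table.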